Here's a new way to support your expensive VR habit: hunt for flaws in the code for the Oculus Rift virtual reality headset, software development kit (SDK), and website.

Facebook just announced it is incorporating Oculus, which it acquired in March for $2 billion, into its infamous bug bounty program.

Under the program, individual security researchers who report bugs to Facebook may be financially rewarded. The minimum reward is $500, and there is no cap on the maximum. Facebook paid out $1.5 million in bug bounties last year.

Facebook paid out $1.5 million in bug bounties last year

Right now, most of the bugs are in the messaging system for Oculus developers and parts of the website, which makes them not much different from bugs found in the social network, says Facebook security engineer Neal Poole.

However, since Oculus is the company's first hardware product, Facebook's security team may start getting a new species of bug. It's certainly possible that an ambitious hacker could one day mess with an Oculus Rift while it's strapped to your face.

"A lot of the issues that come up with Oculus are not necessarily in the hardware yet," Poole says. "Potentially in the future, if people were to go explore and find issues in the SDK or the hardware, that is definitely of interest to us."

Bug bounty programs are increasingly common as tech companies harness the power of the crowd to audit their code.