Paying security researchers to privately identify areas of vulnerability helps strengthen security overtime and this is a good investment process for Facebook given its huge user base

http://facecrooks.com/Internet-Safety-Privacy/Facebook-Paid-Bug-Bounty-Hunters-1-3-Million-2014.html/

There’s no doubt that Facebook has a problem with malware, spam and cybercrime on its pages. However, it has gone to great lengths to combat these issues with its bug bounty program, which pays individual security researchers and experts who uncover problems with the site. And according to a recent report on the program from Facebook, it’s only getting bigger and better. Facebook has paid out $3 million to researchers around the world since the site started its bug bounty program in 2011. However, $1.3 million of that came in 2014 alone. That total was paid to 321 researchers in 123 countries for an average prize of $1,788. Overall, submissions increased by 16 percent from 2013 to 2014. India reported the most issues, followed by Egypt and the United States.  “Report volume is at its highest levels, and researchers are finding better bugs than ever before,” Facebook wrote in its post announcing the 2014 results. “We’ve already received more than 100 valid reports since the start of the new year.”