Social networking giant Facebook revealed that it has paid out $40,000 in connection with its security bug bounty program which started in July 2011, with one person having received $7,000 for discovering six issues.
Apart from Facebook, other well-known tech companies such as Microsoft, Google and Hewlett-Packard (via 3Com & TippingPoint) have also launched their own bug bounty schemes with significant success, which can be put down to a few things.
Firstly, crowdsourcing bug hunting with a monetary value attached to it attracts significantly more attention from the whitehat community and from the press (as well as praise & kudos), even if the money involved (sometimes just a few thousand dollars) is a tiny fraction of the financial damage a particular bug could cause.
Furthermore, hunting for bugs in this way involves more brains working simultaneously on the same issue, a bit like parallel processing, with the end result that more bugs are found per unit of time.
There's also the controversial argument that it is comparatively cheap to get it done this way, based on the fact that it is a pay-per-result scheme rather than a fixed cost.
An equally controversial reason could well be that by advocating and encouraging ethical white-hat hacking and rewarding positive behaviour, the organisers want to prevent bright minds from potentially becoming black-hat hackers.