Facebook is paying people to pick apart its software.
The social network paid out $1.3 million last year to people who reported bugs or vulnerabilities in the company’s software, the second straight year Facebook has paid more than $1 million for these services.
Facebook offers what it calls a “Bounty Program,” encouraging programmers to find weaknesses in company code and then paying those developers to bring those weaknesses back to Facebook. The company is trying to reward hackers who might otherwise post these vulnerabilities online.
Coughing up $1.3 million (and $1.5 million in 2013) is a small price for Facebook to pay considering the alternative. Imagine a scenario where a bug that exposed private user data was posted online. It’s hard to put a dollar amount on what that might cost Facebook, but it’s safe to say preventing the loss of user trust alone is worth much more than $1.3 million.
The program is nearly four years old, but last year was Facebook’s busiest. Submissions increased by 16 percent, and the number of “high severity” bugs reported was up 49 percent, according to a company post.
Facebook isn’t alone in taking this strategy. In fact, hundreds of companies offer similar programs, according to Bugcrowd, including Twitter, Google and Square.
This article originally appeared on Recode.net.