Social network Facebook has forked out $40,000 to web users who have discovered security flaws on the site.
Facebook announced its bug bounty programme three weeks ago; it runs alongside the company's own teams that search out and disable security flaws. The social network said it would pay a base rate of $500 for security-related bugs, such as cross-site scripting flaws. However, for truly significant flaws Facebook said it would pay more, although at the time company executives wouldn't reveal how much. The social network has now said it paid a "$5,000 bounty for one really good report".
The social network said one security researcher had received $7,000 after reporting six different issues.
"The program has also been great because it has made our site more secure - by surfacing issues large and small, introducing us to novel attack vectors, and helping us improve lots of corners in our code," Facebook's chief security officer, Joe Sullivan, said in a blog.
"A bug bounty program is a great way to engage with the security research community, and an even better way to improve security across a complex technological environment. Facebook truly does have the world's best neighbourhood watch program, and this program has proven that yet again for us."
However, Facebook revealed it has no plans to extend the bug bounty programme to third-party apps as it is "just not practical because of the hundreds of thousands of independent internet services implicated".
The social network says it does "care deeply about security on the Platform".
"We have a dedicated Platform Operations team that scrutinises these partners and we frequently audit their security and privacy practices. Additionally, we have built a number of backend tools that help automatically detect and disable spammy or malicious applications. People on our site agree that our protections, coupled with common sense, provide a rigorous level of security."