The Financial Times reported how companies like Facebook, HP and Google run programs that pay cash rewards to outsiders, who are not employees, for detecting flaws in their code and systems.
Facebook runs a ‘bug bounty program’; HP has a somewhat similar program called the ‘Zero Day Initiative’; Mozilla and Google are other companies that are adopting the same approach.
I think this is a great trend. Involving people who are not necessarily employees and providing an incentive to detect flaws and vulnerabilities is a step in the right direction. It not only creates awareness, but also shows willingness on the part of the company to build a safer and more secure experience for the users.