When Mark Zuckerberg wrote about creating a hacker-friendly company in the letter attached to Facebook’s IPO filing last year, he meant it–in more ways that one. Facebook has paid out more than $300,000 to hackers that reveal bugs in the site and help to fix them, according to Ryan McGeehan, the head of Facebook’s security response team. In a post to questions-and-answers site Quora earlier this month, McGeehan wrote that the company’s bug bounty program, which typically pays hackers around $1,000 for each vulnerability they disclose to Facebook’s security team, has paid out rewards to 131 researchers in 27 countries since it launched in July of last year, and has even hired one of those hackers as a summer intern.