[pkfrank]

This assumes a linear relationship between (Bounty for vulnerabilities) :: (Identified outstanding vulnerabilities)

Presumably, one would see diminishing returns in the ability to find "low hanging fruit" exploits, and thus the economics @ a $50k pay-out would be even more attractive for Facebook.

[kbenson]

It's a market. As the vulnerabilities become harder to find, Facebook will have to increase the payout to continue to find takers, if they view it as a worthwhile investment (they may decide that since vulnerabilities are harder to find the program has less merit, which I would disagree with).