LinkedIn has paid out more than $65,000 (£41,000) in private bug bounty prizes since last October after 65 flaws were reported to the professional social network.
The scheme was set up on the HackerOne platform so that LinkedIn could draw on the white-hat hacking firm's experience in tax reporting and accounting for bounty payments, following reports of potential scams that could be used to expose the personal details of high-ranking executives.
Cory Scott, director of information security at LinkedIn, said: "While the vast majority of reports submitted to our notification email address were not actionable or meaningful, a smaller group of researchers emerged who always provided excellent write-ups, were a pleasure to work with and genuinely expressed concern about reducing risk introduced by vulnerabilities.
"We created this private bug bounty program with them in mind – we appreciated working with people dedicated to coordinated disclosure practices and wanted to engage them in a deeper and mutually rewarding relationship."
Whilst LinkedIn did consider creating a public bounty programme, much like that run by Google, it ultimately decided that the "cost-to-value" of such a scheme would not fit the firm’s goals.
Instead, the social network made the programme invitation only, asking hackers to join the scheme on the basis of their previous experience and reputation.
"An important factor when working with external security reports is the signal-to-noise ratio: the ratio of good actionable reports to reports that are incorrect, irrelevant, or incomplete," Scott said.
"LinkedIn’s private bug bounty program currently has a signal-to-noise ratio of 7:3, which significantly exceeds the public ratios of popular public bug bounty programs."
The apparent success of the programme comes after last September’s release of a proof-of-concept which allowed Rhino Security Labs to guess the email address of the American businessman Mark Cuban.
The scam worked by setting up a macro to guess email addresses against a person’s LinkedIn profile, which could then open the victim up to further spam or phishing emails.