Last November Reginaldo Silva, a computer engineer in Brazil, found one of the worst kinds of vulnerabilities in Facebook's software. It has netted him the biggest bug bounty the social network has ever paid out, but while he's not complaining, it wasn't quite the windfall he hoped for. The bug related to code used for OpenID, an authentication system that lets people use the same login credentials for multiple online services.