
In my apparent ignorance, when I first read the title I actually imagined Facebook developing a backdoor of some kind into Tails, given that Tails is open source.

Then I understood that "developing" an exploit means taking advantage of existing properties/vulnerabilities.

Is this standard wording in security circles?



"develop" here refers to the process of (potentially) researching and then subsequently writing the software that exploits a vulnerability (an 'exploit'). It's used in the same sense as any other software development.

The process of discovering a vulnerability is called 'vulnerability research'.

So when Schneier says Facebook paid for an exploit to be developed, it means they paid for software that exploits a vulnerability.

In the case of paying for such exploits, it's not always clear who exactly did the research. Often the research comes from a third party who put together a simple proof of concept that demonstrates only that the security control can be breached (the PoC). Then a contractor may buy this vulnerability ('0day') from, e.g., Zerodium and develop an exploit for it, which will usually be pretty much point-and-shoot, so you don't need an exploit dev team to leverage it.

Hope that makes sense.


> Is this standard wording in security circles?

Yes. There is a large industry that develops products for law enforcement and intelligence agencies focused on "exploit development," which is largely focused on developing exploits for zero day vulnerabilities in widely used software.


I think it would have said "backdoor" somewhere if they had developed the actual vulnerability.



