I have worked on several bug bounty programs. Companies that don’t understand how they work likely don’t understand how QA, devops, or continuous testing work either.
Well-maintained bounty programs are a godsend. They are cheaper to run than hiring a bunch of FTEs, usually more accurate, and they build trust and goodwill.