The use of a free-lance hacker via the bug bounty policy is a good policy to utilize in my opinion. Cybersecurity experts as good as they may be could use help at times. At the end of the day, the goal of the company is to protect its bottom line and prevent a financially costly breach from occurring, and protect its reputation as well. The use of a free-lance hacker allows for the use of an outside perspective that can aid with not only one vulnerability but any future major vulnerability you may encounter. The downside of utilizing a free-lance hacker is not knowing where their loyalty truly lies or if there is some endgame involved with their participation. What it all comes down to at the end of the day is weighing the cost/benefits versus the risks/rewards of hiring an outside entity.