Module 11 Journal: Bug Bounties (CYSE201)

Bug bounty policies are a rather genius method of recruiting cyber help at low cost. As stated in the article, SMEs struggle the most to recruit talent, while also having the most need for talent. Establishing bug bounty programs can help smaller organizations seek and remediate vulnerabilities they may not have the in-house talent to find.

Another aspect of bug bounties that makes them so useful is Linus’s Law. The law states that “given enough eyeballs, all bugs are shallow.” While a small team of 3 cyber professionals might be able to find and remediate a lot of vulnerabilities on a network, a mass of people from different places, with different educations and thought processes, may find bugs that the small team may not find.

Overall, I think that bug bounty programs are good practice as they incentivize people to find and report bugs for profit. It is a cost-efficient method for organizations to up their security and provides another monetary reward to hackers other than selling exploits for use.
