Bug bounty policies were designed to enable white hat hackers to identify and reveal vulnerabilities in a firm’s cyber infrastructure in exchange for a monetary benefit. The article’s literature review finds that such policies are driven by the principle of cost-benefit analysis and give companies a less expensive way of discovering and mitigating vulnerabilities than traditional security audits. The results support the conclusion that bug bounty programs do harden cybersecurity by bringing in a wide pool of skilled people worldwide and by proactively strengthening an organization’s defenses. However, challenges range from the clarity of program guidelines to managing the volume of reports received, which could strain internal resources.