A bug bounty is a program hosted by various companies to locate vulnerabilities affecting the software and end user. The “bugs” varies from different levels. For example, some bugs can have a high vulnerability risk, whereas a minor bug only affects the content display. Therefore, a bug bounty is less expensive than a lawsuit and data breach. Nevertheless, addressing bugs is vital because they could bring a downfall to a company. Therefore, companies should invest in bug bounties because multiple brains are better than one. For example, the bug can be on the end user, and companies would be responsible if a bug exploits the consumer’s device.

Source

https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453