Bug bounties are when ethical hackers attempt to find bugs or exploits in the code of companies that hire them, in order to fix any gaps in their security. The article below discusses their efficacy, providing data on the subject. Many companies are scrambling to allow bug hunters to work without fear of being sued, but there is very little in the metrics to suggest that bug bounties significantly increase the security of a company.

https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true