"Bug bounty programmes offer a way for organisations to 'outsource' application security testing, but it comes at a cost," says Bob Egner, vice-president at security firm Outpost24.
"You have to pay a crowdsource bug bounty vendor to introduce your application to their independent researchers, manage the programme for you, and ultimately pay for any bounties required."
