Bug bounties are useful, but according to one of their greatest advocates they’re no silver bullet. They have a high signal-to-noise ratio and can be poor value for money.
Article Link: https://www.zdnet.com/article/relying-on-bug-bounties-not-appropriate-risk-management-katie-moussouris/#ftag=RSSbaffb68