In the modern security playbook, bug bounty programs feel inevitable: put your software in front of motivated researchers, pay them fairly for responsibly disclosed bugs, and ship safer code. But the ...