Discover practical tips for running a successful bug bounty program in this 52-minute conference talk from AppSecUSA 2016. Learn about the history of bug bounties, the value of crowdsourced testing, and key considerations for implementing a program. Explore topics such as scope definition, managing expectations, communication strategies, and vulnerability rating taxonomies. Gain insights from experienced professionals who have managed hundreds of bug bounty programs, and understand how to effectively engage with security researchers. Delve into the challenges and benefits of bug bounty programs, including coordinated disclosure and business impact considerations. Conclude with a case study from Instructure to see real-world application of these principles.