1. Intro
2. Introductions
3. Outline
4. Shark analogy
5. The reward
6. The risk
7. Survey results
8. Bug bounty evolution
9. Scale
10. Brief
11. Scope
12. Budgeting
13. Legal
14. Rogue Hacking
15. Questions
16. Offensive vs Defensive
17. Trust
Description:
Explore the world of bug bounty programs in this 55-minute conference talk from AppSecUSA 2016. Delve into the evolution, structure, and best practices of these valuable vulnerability identification tools. Learn about the Department of Defense's first authorized bug bounty program and how vendors are reevaluating their approach. Address key concerns such as controlling bug hunters, security and privacy issues, contractual matters, handling rogue hackers, and liability and compliance considerations. Gain insights from industry experts Jim Denaro and Casey Ellis as they discuss effective program structuring, offensive and defensive applications of intellectual property, and the scalability of bug bounty initiatives. Understand the rewards and risks associated with these programs, and discover how they're reshaping the landscape of cybersecurity.

Best Practices for Structuring Effective Bug Bounty Programs

OWASP Foundation