1. Intro
2. Katie's background
3. Organizational empathy
4. Bug bounties
5. Bounties vs penetration testing
6. Vulnerability response
7. Beautiful
8. Goals
9. Three Bounties
10. Bug Reporting Trends
11. Giant Check
12. Total Price
13. Market Timing
14. Wrap Up
15. Getting Started
16. Application Security Program
17. Initial Spike
18. Trends
19. Goals and Ways
20. Where does vulnerability information feed back
21. CFAA
22. QA
Description:
Explore the world of bug bounties and their role in the Software Development Life Cycle (SDLC) in this keynote address from OWASP AppSec California 2015. Dive into Katie Moussouris' extensive background and insights on organizational empathy, the differences between bug bounties and penetration testing, and effective vulnerability response strategies. Learn about the three types of bounties, bug reporting trends, and the importance of market timing in bounty programs. Gain valuable knowledge on starting and maintaining an application security program, understanding initial spikes in vulnerability reports, and navigating the legal landscape surrounding the Computer Fraud and Abuse Act (CFAA). Discover how vulnerability information feeds back into the development process and get answers to common questions in the Q&A session.

Bounties and the Software Development Life Cycle

OWASP Foundation