Explore the complexities of bug bounty programs in this 20-minute conference talk from Security BSides London. Delve into the hidden depths beyond publishing a scope, examining whether more eyes truly lead to better security outcomes. Analyze the intricacies of project-specific and non-project-specific hunters, and uncover the surprising connection between the city of St Petersburg and bug bounties. Gain insights into the motivation behind these programs, statistical evidence, relevant academic studies, and various hunter archetypes. Investigate the St Petersburg Paradox and its application to bug bounty ecosystems. Conclude with a discussion on private programs and their role in the broader security landscape.