There is an increased adoption and accessibility of bug bounty programs among larger organizations, which has led to improved awareness of their value. However, concerns about the risks of running such programs remain, including putting a target on one's back, unknowns, unauthorized public disclosure, and perceived liability issues. To mitigate these risks, it's essential to operate with a clear understanding of the benefits and limitations of bug bounty programs, define a scope for testing, articulate what is and isn't acceptable, manage budget effectively, and have a plan in place for handling potential risks or incidents. Ultimately, many of these concerns are perceived rather than real, and running a bug bounty program can be a valuable security assessment method that outweighs the risks when done properly.