Bug bounty programs do not necessarily provide adequate coverage or same caliber of testing methodologies as penetration tests, but they offer the benefits of depth and breadth due to the large number of testers participating in a program. The pay-for-results model used in bug bounties encourages deeper and more focused testing, often yielding results that penetration tests missed. Continuous testing is also crucial for effective security assessment, especially with agile development processes. Engaging the crowd through a bug bounty program expands access to the skills of penetration testers, exposing code to their expertise at scale.