This post discusses the evolution of bug bounties from open contests to more nuanced programs meeting organizational goals and objectives. Organizations run bug bounty programs for various business drivers, including improving security testing, conducting application testing before launch, providing a channel for vulnerability reporting, and showcasing commitment to security through public programs. These programs can be tailored to specific needs, such as on-demand or private programs, and can help organizations optimize their security posture, improve relationships with the security research community, and gain a competitive edge in their industry.