Skyscanner's IT security function, known as the Security Squad, was looking to expand its testing methods beyond standard penetration testing. The company began exploring crowd-sourced testing mechanisms in 2015 and initially faced some challenges before launching a successful bug bounty program with Bugcrowd. The two-week Flex scheme resulted in over 140 bugs being found by skilled researchers from around the globe, with 43 of those bugs being prioritized for immediate investigation. The program provided valuable information to Skyscanner's Engineering squads, including replication steps and attack strings, allowing them to quickly fix bugs and improve the company's product security. With a positive reaction across the business, Skyscanner plans to double its efforts in bug bounty schemes in 2016 and incorporate them into its overall testing strategy, complementing penetration testing with a mature testing approach.