Company
Date Published
Author
Bugcrowd
Word count
551
Language
English
Hacker News points
None

Summary

OWASP has launched a bounty program for one of its projects, the Zed Attack Proxy (ZAP), using crowdsourcing to test security controls and improve the quality of the open source application security landscape. As an authority on appsec, OWASP has limited resources, which makes tasks such as verifying the quality of its projects a challenge. The bounty program aims to ease that challenge by testing security control libraries, including ZAP, against various attacks. To implement the idea, OWASP turned to its community of volunteers and partnered with Bugcrowd, a service provider, to use Bugcrowd's platform for quality assurance. The collaboration enhances the security research community and improves security controls for developers and companies using OWASP projects.