This blog was written by Stu Hirst, Head of Security Engineering, Photobox Group, reflecting on his experience with the bug bounty model since 2015, when he ran a successful Bugcrowd program that yielded 149 vulnerabilities. At Photobox, they have a dedicated Application Security Team and Security Champions who assist in finding and fixing vulnerabilities, and they regard submissions from researchers as paramount to improving their security posture. They turned to Bugcrowd to streamline their process, leveraging its platform for managing relationships with researchers, prioritizing fixes using the Vulnerability Rating Taxonomy, and developing an ongoing program of bug rewards. Their first step is to manage Responsible Disclosure via a vulnerability disclosure program. In 2019, they plan to establish a full bug program with cash and points rewards through Bugcrowd, showcasing their commitment to responsible disclosure and collaboration with the researcher community.