A crowdsourced security program can be an effective way to identify vulnerabilities in an organization's assets, but it requires careful consideration and trust in the crowd. The assumption that the "crowd" is a malicious entity is often based on misunderstandings about black hat hackers who may not need permission to find vulnerabilities in publicly facing systems. By engaging the crowd, organizations can emulate what black/grey hats would do in the wild, but with a twist - they can learn about and remediate issues before nefarious parties do. The benefits of this approach include gaining an accurate picture of exposure, increasing the security posture, and reducing the attractiveness to attackers. However, concerns about trusting the crowd arise from worries that researchers may sell or exploit found vulnerabilities on the black/grey market. To address these concerns, Bugcrowd's platform uses a pyramid structure with multiple tiers of researchers, including those with verified identities and trust scores, to ensure responsible behavior. The platform also encourages organizations to avoid artificial barriers to talent and instead focus on leveraging the collective expertise of the crowd to augment their security team.