Bug bounties have become a staple of the cyber security toolkit, offering researchers a way to get paid to find and report bugs and giving businesses a route to fix unknown flaws. However, this model is now facing scrutiny. What is driving these concerns?
