Nice, but these bug bounty programs must be one of the cheapest possible ways to "outsource" QA work. Paying a few thousand dollars for a critical security hole? That's extremely cheap compared to a regular QA department.<p>I'm of course not saying that it replaces the QA department, but even if they hire only 1 person less because of these programs it's already financially worth it for them.