Following on from one of my previous posts, the relevance of penetration testing is undergoing alot of scrutiny with the rise of bugbounty programs. I agree with these programs based on a single premise- I have a very specific method or mindset of performing activities and testing, the limitations of which will not meet the needs of larger organisations with very well matured applications or a large attack surface. Using a number of high quality resources will only increase the assurance process. As an occasional participant in bug bounties the learning opportunity is massive; I am exposed to applications and sites that I would otherwise be unable to interact with. Having stated this, bug bounties are not for everyone.