“Bug bounty programs incentivize security researchers to test your systems for weaknesses and then provide you with an opportunity to fix the problems and strengthen your defenses,” says Mike Chapple, adjunct analyst with IDC‘s IT Executive Programs (IEP). “These programs allow you to benefit from the collective thinking of a large community of security professionals. You’ll have more minds focused on your security posture than you could ever hire as employees or consultants.”

IDC Research Report published December 2018.
Read the full report: IDC PlanScape: Launching a Bug Bounty Program