Bug bounty programs allow for a wider range of vulnerabilities to be discovered that internal teams may not be aware of. They leverage the collective expertise and diverse perspectives of security researchers, thus leading to an improved overall security through the identification of vulnerabilities that the internal team may overlook. Internal teams might suffer from 'blind spots' or biases owing to their familiarity with the systems, whereas external researchers provide fresh eyes to identify weaknesses. Having ethical hackers from outside the organization helps to simulate a more realistic attack scenario and offers new insights and approaches for vulnerability discovery. While additional security assessments and awareness are valuable, they are not the primary benefit of a bug bounty program. Designing new security tools or logging systems may be a potential outcome of vulnerability findings, but it is not the direct goal of such a program.