What if most hackers around the world used their powers for good instead of evil?
Imagine crowdsourced security, with thousands of people dispersed in every time zone, available to warn your company of vulnerabilities within its websites, mobile applications, APIs or IoT devices. Imagine further that these individuals will agree to register with and be vetted by your program, that they will accept your legal terms and conditions regarding which systems and services are in scope, which testing methods are permitted, and which actions are out of bounds (such as intentionally accessing or copying personal data, or hacking third-party providers). Imagine further still that these ethical hackers will not publicly disclose any vulnerabilities they find, without express permission. Finally, imagine that you get to pay out a reward, of your choosing, only to those white hat hackers who actually discover vulnerabilities, and even then only if the bugs were not previously submitted and not easily found by running automated scans.