This piece is the final in a series of three blog posts on bug bounty programs and what are some considerations to think about when investing in or launching the program. Last year, Okta announced that we launched a public bug bounty program with Bugcrowd. I’ve already written about the early considerations necessary to successfully implementing a public bug bounty program and who you should involve in the process, now I’ll share what you should think of as final deliberations and steps. Setup the product infrastructure: If your company has a freemium product or if your users are the product, then it is easier to deliver something for testing to the researchers. They probably already use it in their daily lives. If you have an enterprise product, you will have to think through how to provision a full-featured paid product for free to a bunch of bounty.