My interview with the Communications of the ACM on “Bug Bounties” where organisations pay security researchers to unearth vulnerabilities.