Bug bounty programs have been hyped in the past 3 years, but this concept was actually widely implemented in the past. Nowadays, we can see big companies spending a lot of money on these programs, while understanding that this is the right way to secure software. However, there are lots of black spots in these programs which most of you are not aware of, such as handling with black hat hackers, ability to control the testers, etc. Henceforth, this presentation explains the current behaviors around these programs and predicts what we should see in the future.