Network and application security are big deals and big business these days. It seems that a day does not pass that you hear about a new breach, exploit, hack or something. This sad state has prompted a few companies to actually look outside their organizations for help and offer bug bounties to individual researchers that find holes in applications and hardware. These bounties can be quite the incentive to get people to tear into your application looking for exploits, but even more important than rewards is having a clear method to report problems and a team that actually responds to them when they are found.