A recent incident with the Facebook Bug Bounty program has led to many different reactions supporting both Facebook and the security researcher. We will try to understand how and if Bug Bounties can be used to test your corporate web applications. Do not expect researchers to take into consideration your risk strategy when reporting bugs. Few researchers will carefully read your Bug Bounty guidelines and conditions. Few will actually respect these guidelines and even fewer will practically respect them. Unexpected testing methodologies and techniques will regularly appear on your horizon.”]