There is a great deal of debate about the merits of listening to the security concerns of people outside of an organization. On one end of the spectrum companies refuse to discuss any aspect of their security with the public. On the other end of the spectrum companies proactively encourage the public to report security vulnerabilities by paying well meaning hackers (usually called “white hat” hackers) to report problems. While these companies view “bounty” programs as . . .