Launching a bug bounty program is hard. Running and maintaining a successful bug bounty program is even harder. Using real-world stories of both failure and success, Alexandra Ulsh details how Mapbox's security team used tools, processes, automation, and empathy to decrease response time by 90%, reduce noise, and improve average report quality for its bug bounty program.