I genuinely don’t believe there are truly secure applications. People are always finding new attack vectors, either through our code, infrastructure, or people. Having a Bug Bounty program allows “ethical” attackers to help you identify these potential pitfalls before the bad guys find them.