A pen test is an authorized simulated cyberattack on a computer system to evaluate the security of the system. Bug Bounties are programs offered through which individuals can receive compensation for reporting security exploits and vulnerabilities. This session will breakdown the difference between the two and challenge whether pen tests are still necessary in combination with a bug bounty program.