Here is an article which outlines details on an opinion about bug bounties. This same article was word for word posted to a mailing least at breachexchange@lists.riskbasedsecurity.com by Audrey McNeil. Article is located here: http://edmdigest.com/opinion/the-cybersecurity-bug-bounty-crusade/

I've assumed that this is a good practice based on personal professional experience and what I hear discussed in broader circles. This piece has a slight taste of distrust for the practice and carefully chooses words like 'Crusade', which don't carry a positive connotation.

Is it on target and how close to the ideal is it?