Bug bounty policy creates a supply and demand for people who have the skills necessary to find ways to breach security. The policy is low risk to the company since if no vulnerabilities are found then you do not have to pay out. On the likely chance that someone does find something, you can patch the fix and have a stronger security. There is a reason this is extremely important however. Many companies do not have a policy on people submitting bug reports and them not being able to be sued. This means that many companies are not open to the idea of someone being able to tell them about a vulnerability, which can leave them open to back door access into their systems or to their data. In the ever evolving world of technology, companies must rely on consumers and ethical hackers to report findings to help them find vulnerabilities and keep sensitive data safe.