Traditional approaches to security are repeatedly being proven to be suboptimal. One of the biggest challenges of the continuous fight between defenders and attacker is huge asymmetry. Attackers have more resources, try various approaches and eventually succeed. How should we play the game not to get wrecked? We will discuss the effective solution based on bug bounty programs, specifically focusing on HackTrophy.