Bug bounty programs (BBPs) leverage ethical hackers to identify software vulnerabilities, but vendors often maintain secrecy about these flaws, creating information asymmetries that can jeopardize user security. The article advocates for mandatory disclosure requirements to enhance transparency, arguing that this would improve software quality and foster trust within the ecosystem. It emphasizes the need for governmental intervention and standardized guidelines to balance the benefits of BBPs with the necessity for consumer protection.