While companies are just scratching the surface of understanding their Internet-facing architecture, hackers have been monitoring growing attack surfaces to find vulnerabilities where companies aren't looking (or maybe not prioritizing) and reaping the reward through bug bounty programs.