Thank you.
My questions could really go to anybody.
First and foremost, I'm really fascinated by this whole bug bounty scenario. I know it's been brought up before that you're encouraging it in your testimony that organizations use this, and perhaps governments as well. I think it's been known that the Canadian government does not use bug bounties, but we do have Canadian companies that do. Shopify is one that I have read about, and there are various companies that have been using them.
I was just wondering if you could explain to me a little bit more about the trust factor, and how a company is encouraging a bounty to be put out, which means more and more hackers, whether they are good or doing the right thing, to expose their vulnerabilities to protect themselves and the information of people. How can you be sure of that? How can you verify that? When you hire an employee, you do background checks and you trust that employee because of the rapport you've built with them. These are unknown people who would be going into your systems and perhaps learning information they may have. Even HackerOne, how do you ensure that those who are hacking on your behalf are giving you all of the information they've learned, and not using it for any other cause?