As information security becomes more important as the fourth industrial revolution gradually emerges, an efficient and effective way to find vulnerabilities in information systems is becoming an essential requirement of information security. As the point of the protection of current information and the protection of the future industry, the Korean government has paid attention to the bug bounty, which has been recognized for its efficiency and effectiveness and has implemented through the Korea Internet Security Agency s S/W vulnerability bug bounty program. However, there are growing problems about the S/W vulnerability bug bounty program of the Korea Internet Security Agency, which has been operating for about 7 years. The purpose of this study is to identify the problems in Korean bug bounty policies through the characteristics of the bug bounty program, and to suggest the direction of the government s policy to activate the bug bounty like changes in the government s approach utilizing the market.