Why (not) use a Bug Bounty platform?
Pros and cons for companies
| Pros | Cons |
|---|---|
| Initial triage is done by the bug bounty platform staff. Triaging is the process of compiling vulnerability reports, verifying them, and communicating with hackers. | Bug bounty platforms are not cheap. It is a real possibility that you pay more to the platform than you would pay to security researchers (your primary audience). |
| The level of metrics/reports depends on the individual platform, but all major bug bounty platforms have a feature to get metrics/reports. | Noise. Not only the best, but also starters are on the platforms. |
| Integrations with issue tracking, notification systems and platforms (Jira, Slack etc.). This varies: not all platforms provide integrations out of the box. | |
| All major bug bounty platforms provide different levels of RBAC, like editor, administrator, read-only etc., supporting the principle of least privilege. | |
| Because thousands of researchers are already on the bug bounty platforms looking for programs to find vulnerabilities in, you get access to these researchers. And noise. | |
| Most of the major platforms assign customers a success manager. They will help with scope adjustments, platform features, filtering of researchers, bounty pay-outs, etc. | |
Pros and cons for hunters
| Pros | Cons |
|---|---|
| Transparency into a company's process: disclosed reports, metrics about the programs' triage rates, payout amounts, and response times. | Triagers, third-party employees often not familiar with all the security details about a company's product, may handle reports improperly (a common complaint). |
| No worries about the logistics of emailing security teams, following up on reports, and providing payment and tax info every time you submit a vulnerability report. | Programs on platforms break the connection between hackers and developers. With a direct program, you can discuss the vulnerability with a company's security engineers. |
| They can step in to provide conflict resolution and legal protection as a third party. If you submit a report to a non-platform program, you have no recourse in the final bounty decision. | You may get a T-shirt you already have. |
| You can't always expect companies to pay up or resolve reports in the current state of the industry. The hacker-to-hacker feedback system that platforms provide is helpful. | Public programs on bug bounty platforms are often crowded, because the platform gives them extra exposure. Many privately hosted programs do not get as much attention from hackers and are thus less competitive. And for the many companies that do not contract with bug bounty platforms, you have no choice but to go off platforms if you want to participate in their programs. |
Not either/or, then, but both.