1) The document discusses tips for running a successful bug bounty program, including defining scope, focus, and exclusions up front; setting up an accessible testing environment; managing researcher expectations through clear communication; and establishing a vulnerability rating taxonomy.
2) It emphasizes the importance of preparation before launching a program, as well as ongoing communication and process improvement after launch.
3) Not preparing adequately by failing to provide scope or consider exclusions can result in a disaster, whereas a company that took bug bounty seriously saw a reduction in critical issues over time.