threat maps vulnerability scans penetration testing responsible disclosure program bug bounty system and process audit threat intelligence threat feed proprietary closed source intelligence OSINT data sources dark web application security static analysis dynamic analysis package monitoring