Company
Date Published: June 11, 2024
Author: Santerra Holler
Word count: 913
Language: English
Hacker News points: None

Summary

The importance of defining scope in a crowdsourced security program cannot be overstated, as it directly affects the outcome of testing and the potential rewards for testers. The term "in scope" refers to assets that the program has clearly defined as allowed for testing, while out-of-scope assets are those that are either not explicitly defined or are listed as out of scope. Going out of scope can result in significant repercussions, including legal action, a ban from the program, and no reward, making it crucial for testers to understand and respect the boundaries set by the program owner. To stay within scope, researchers should focus on wide recon efforts and on deep, nuanced vulnerabilities, using tactics such as company domain scanning and port analysis to increase their chances of finding high-value vulnerabilities and receiving payouts.