The easiest way to show this would be to give the responsibility of managing the bug bounty to a third party who isn't involved in the business.