In a "traditional" penetration test, a small team of professionals dedicates the billed hours to finding whatever vulnerabilities they can in the target asset, whether it is an entire company, a network, or an application.
In a zero-sum penetration test, a group of hackers with specific knowledge of the technology in scope compete against each other to find all possible vulnerabilities. They are rewarded based on the criticality and relevance of the vulnerabilities discovered.
In a bug bounty, the company is always open to hackers finding any security flaw. The company commits to working with the hackers to understand the problem and to rewarding each vulnerability found separately.
The company targeted by the bug bounty program will define with cazHack what the rewards will be, based on the impact of the findings.