Inter-Temporal Reward Strategies in the Presence of Strategic Ethical Hackers


Abstract:

A skyrocketing increase in cyber-attacks significantly elevates the importance of secure software development. Companies launch various bug-bounty programs to reward ethical hackers for identifying potential vulnerabilities in their systems before malicious hackers can exploit them. One of the most difficult decisions in bug-bounty programs is appropriately rewarding ethical hackers. This paper develops a model of an inter-temporal reward strategy with endogenous e-hacker behaviors. We formulate a novel game model to characterize the interactions between a software vendor and multiple heterogeneous ethical hackers. The optimal levels of rewards are discussed under different reward strategies. The impacts of ethical hackers’ strategic bug-hoarding and their competitive and collaborative behaviors on the performance of the program are also evaluated. We demonstrate the effectiveness of the inter-temporal reward mechanism in attracting ethical hackers and encouraging early bug reports. Our results indicate that ignoring the ethical hackers’ strategic behaviors could result in setting inappropriate rewards, which may inadvertently encourage them to hoard bugs for higher rewards. In addition, a more skilled e-hacker is more likely to delay their reporting and less motivated to work collaboratively with other e-hackers. Moreover, the vendor gains more from e-hacker collaboration when it could significantly increase the speed or probability of uncovering difficult-to-detect vulnerabilities.
Published in: IEEE/ACM Transactions on Networking (Volume: 32, Issue: 5, October 2024)
Page(s): 4427 - 4440
Date of Publication: 08 July 2024
