While other sectors see less reports more often, the study’s conclusions on bug bounty programs suggest that hackers are often price-insensitive, which is good news for companies across many different sectors. The literature review reveals a gap in our understanding of how bug bounty marketplaces work, suggesting the need for more investigation into this topic. Companies’ exposure to software upgrades appears to be unrelated to, according to the statistics,  the amount of reports they receive from websites such as HackerOne. Not only does this demonstrate the complexity of the environment supporting bug bounty programs, but it also suggests that factors other than new programs likely influence the behavior of bug reporters.