Given the findings of the study and the intentions behind the bug bounty policies, bug bounty policies should be encouraged and implemented for all types of companies. The study included various factors that impacted the number of reports such as program age, industry, brand profile, bounty amount, time to resolution, revenue, scope, new programs, and private vs. public programs. The study found that hackers are mostly price insensitive, bug bounty policies are beneficial to companies of all sizes, companies in certain industries will have fewer reports than other industries, the number of new programs has an insignificant impact on the number of reports, and programs receive fewer reports as time passes. Each company will have to conduct their own cost/benefits analysis however; the findings of the study indicates a larger number of benefits than costs. Due to the shortage in professionals, bug bounty policies will be especially helpful for small companies who cannot compete with larger companies in the hiring of professionals and pay for a full-time employee. Although bug bounty policies are good, there should be regulations and laws implemented to ensure the companies and the hackers do not take advantage of each other. Companies might take advantage of inexperienced hackers who want to build their reputation by lowering the prices of bounties significantly. On the other hand, hackers may take advantage of smaller companies by false reporting or creating their own vulnerabilities.