Bug bounty policies seem to be a cost-effective way for organizations to identify and address vulnerabilities in their networks. As noted in the research study, organizations can fund a bug bounty program for less than the cost of two full-time software engineers. Bug bounty programs incentivize ethical hackers to report observed vulnerabilities to the impacted organizations, rather than exploiting the vulnerabilities themselves. In addition, the general cost inelasticity of bug bounty programs means that smaller organizations are also able to take advantage of these policies. The research study also observed that some industries, such as healthcare and retail, receive fewer bug bounty reports, however, further research is necessary to determine the cause. Finally, the study concluded that organizations receive fewer bug bounty reports over time, likely due to vulnerability detection becoming more time-intensive as more obvious vulnerabilities are addressed.