The article is focused on bug bounty programs. Bug bounty programs pay people for identifying vulnerabilities in a company’s network or physical security network. The article found for the first time the elasticity of hacker supply, which was between 0.1 and 0.2. This means that hackers who are willing to do the program are mostly incentivized by how much money they would be getting out of the bug bounty program, so this can add a big cost to the company. The article also found that bug bounty programs are effective for all company sizes. This means the benefit of having this program outweighs the cost of not having one. The article also talks about how little we know about bug bounty markets, mainly because of all the variables that can go into them.