Bug Bounties is a job that fluctuates for sure, it all depends on companies and websites that need hackers to find vulnerabilities to secure the network best possible. The position has increased in popularity but so has the competition and the market. Prices for jobs vary, it is not always obvious on how exclusive a bug is. Only the first hacker to find a bug is compensated, which changes the market and the effort put forward by these hackers to make sure their work and time is compensated. The satisfaction with bug bounties and the need of vulnerability reports received influences private firms to become public. Firms want more reports because then the market will open, and potential hackers will join the scene putting in immense effort to find a bug to get compensated, the number of genuine security vulnerability reports a company’s program receives is not significantly impacted by its income or brand reputation from an economic standpoint. Even though these estimates are not statistically significant at the 5% level, organizations in the financial, retail, and healthcare industries receive less legitimate vulnerability notifications than companies in other sectors was discovered. As programs get older and defects are harder to uncover, we observe that the number of valid reports decreases. This unfavorable age effect might be mitigated if the program expands the amount of hackable code.