In this article, Sridhar and Ng conducted a study based on bug bounty programs and how they might develop an economic model for these programs by using HackerOne’s statistical data about vulnerabilities and vulnerability reports. The methodology they conducted was leveraging and using the identification strategy for further observation of HackerOne’s data. From these two methods, they were able to gather information and determine the number of vulnerabilities and vulnerability reports that happened within the timeframe they chose to study. Also, the advantages and disadvantages of the model. From the results of using another model, they were able to find six reasons which are hacker supply is price elastic, brands have an economically insignificant impact on companies, industry effects, the number of new programs has statistically insignificant effect on company reports, programs receive fewer reports over time, and variation in program reports remain unexplained. Reading the study it made me realize that some vulnerabilities go unreported or some might be missed since companies have fewer reports. Also how hackers in companies either show less or more price sensitivity.