Bug bounty policies are made because companies want to be able to know what
vulnerabilities are in their company. It has been reported that most
companies shut down because of a breach; if they had been able to scope that out
before it happened, a lot of those companies would still be here. There are companies whose whole
mission statement is to pay out the ethical hackers who find the vulnerabilities. This is a new field,
but one that is very pivotal right now because of the ever-changing cyber threats that plague
companies. Any company that can afford a hacker can get one. One big issue for
smaller companies is that the hackers who are for hire will go for the company that will have
a big payout. Some researchers have learned to work on multiple companies at one time, especially if
the company is smaller, which means it is unable to afford an advanced systems engineer,
which in turn means the code is not that advanced to look for bugs. The article explains how many
researchers are assigned to a company when it wants a hacker to look into it. The most
important factor is the payout, which means that the hacker will spend more time on the
company that pays more. Another factor is the age of the code: with newer code, there could be software that
scans the code and finds the issue or the bug. The article also explains how effective this policy is,
with references from 5 different scholars.
Kiran Sridhar, Ming Ng, Hacking for good: Leveraging HackerOne data to develop an economic
model of Bug Bounties, Journal of Cybersecurity, Volume 7, Issue 1, 2021, tyab007,
https://doi.org/10.1093/cybsec/tyab007