From the journal article “Hacking for good: Leveraging HackerOne data to develop an economic model for Bug Bounties” we learn that evidence supports the assertion that the policy of bug bounties, where third party hackers are compensated for identifying and communicating bugs or weaknesses in an organization’s cyber systems is a cost-effective way for those companies to address potential weak spots.  Unfortunately a large percentage of companies do not utilize bug bounties although that may be changing since 2019 as government agencies and private companies have began creating vulnerability disclosure policies that create a framework so that researches can submit bugs and weaknesses without concern of being sued.  The journal article sought to provide more information on bug bounty markets based on a variety of different factors but ultimately further research was recommended.  The article did find what it termed “six significant findings” which are as follows: 1) Hackers are price insensitive and not motivated by monetary gain; 2) Bug bounties are an effective cybersecurity tool for companies of all different profiles and sizes; 3) Some industries receive fewer bug reports than others; 4) New programs do not appear to impact the number of bugs reported in a given month; 5) Programs receive fewer bug reports over time as bugs become harder to identify and the risk/reward analysis changes for hackers; and 6) More research is needed to adequately understand bug bounties and the positive and negative impact it has on public and private organizations and their cybersecurity.