The program bug bounty is a penetration testing unit in which cybersecurity specialists use their knowledge to pinpoint and explain vulnerabilities in a company’s network. Companies are looking into paying for a better security network for their business, researchers analyzed a large dataset which leverages variables to eliminate sources of endogeneity. Researchers have a price range of supply between 0.1 and 0.2. A company’s revenue and brand do not have the impact of valid security vulnerabilities more than other companies. Companies in finance, retail, and healthcare sectors are notified of fewer valid vulnerabilities reports. There is no evidence that new companies joining HackerOne Platform dampen the number of reports that firms receive. Programs receive fewer valid reports as they grow older and bugs become harder to find.