Journal Entry #12

Bug bounty programs are used by companies to pay freelance security researchers or hackers in exchange for reporting vulnerabilities found in their systems and infrastructure. They have become very popular over the years. These programs exist because it is more cost-efficient for a company to pay someone a one-time cash reward than to hire them and pay a yearly salary. The featured article discussed the different policies that govern the different programs. It also discussed some factors that have influenced the number of security researchers and bug bounty competitors. These factors included industry effects, brand profile, bounty amount, revenue, scope, and resolution time, to name a few. The article drew six findings from the data it used. The first was that hackers are relatively price insensitive, with an elasticity of between 0.1 and 0.2 at the median. The second was that bug bounties are effective tools for companies of all sizes and levels of prominence. The third was that companies in certain industries received fewer reports, ceteris paribus, than companies in other industries. The fourth was that the number of new programs created in any given month has a marginal and statistically insignificant impact on the number of reports companies receive on the HackerOne platform in that month. The fifth was that programs receive fewer valid reports over time, all else remaining constant. Finally, the sixth emphasized how little is known about bug bounty markets. In short, the article stated that more information and data are required in order to effectively research the factors that influence how bug bounty programs work. I think the findings support the idea that different industries receive different numbers of bug reports and that the number of submitted reports will decrease over time depending on how much attention an organization puts into its security posture.

Bug bounties can be very difficult to take part in because they are becoming more and more saturated. There is so much competition that it can take a very long time for someone to actually find a vulnerability. Bug bounties are a topic that requires additional research and examination.