Week 11 – Journal Entry 13


Bug bounty programs are used by many organizations as an effective means of crowdsourcing security testing and tapping into the global security community. They help companies identify bugs in their code base that they might not have known about. They also benefit companies that lack the cachet to recruit top-tier talent. Hackers may submit their findings to bug bounty programs when they believe they will enjoy rewards from vulnerable companies. There are also public and private bug bounty programs. Public bug bounty programs allow any HackerOne user to submit vulnerabilities. Private bug bounty programs require an invitation, which goes to selected hackers who possess appropriate skills for a particular company and meet certain criteria. In conclusion, this article shows how little we know about bug bounty markets and argues that future research should focus on identifying and measuring more of the variables which determine hacker supply.
