The journal article examines the efficiency of bug bounty programs across industries, focusing on significant conclusions about the factors that influence the percentage of legitimate vulnerability reports. It demonstrates that businesses such as finance, retail, and healthcare receive fewer reports, most likely because hackers have economic incentives to exploit vulnerabilities rather than disclose them. The study also found that raising rewards may not significantly increase hacker activity since hackers are price-insensitive. Furthermore, the study discovered that older programs got fewer reports over time, indicating the need for program changes to retain participation.

Despite the widespread use of advanced statistical models, a significant percentage of the variation in reports remains unexplained, indicating that more research is needed to identify additional contributing factors. Overall, the data stress the benefits of bug bounty projects but also show the difficulties in improving them across industries and understanding hacker activity.