HackerOne is in the business of helping organizations develop and implement bug bounty programs. The basic idea is to provide a financial reward incentive for researchers to report discovered vulnerabilities rather than selling them on the black market. Some security researchers disclose vulnerabilities to the vendor simply because its the right thing to do, or for the prestige. The research from HackerOne examines the various levers or triggers that drive vulnerability disclosure and the zero day market. There are more levers to tip the scales from one side to the other than just money, and defenders need to use them.”]