A later module addresses cybersecurity policy through a social
science framework. At this point, attention can be drawn to one type
of policy, known as bug bounty policies. These policies pay
individuals for identifying vulnerabilities in a company’s cyber
infrastructure. To identify the vulnerabilities, ethical hackers are
invited to try to explore the cyber infrastructure using their penetration
testing skills. The policies relate to economics in that they are based
on cost/benefit principles. Read this article
https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true
and write a summary reaction to the use of the
policies in your journal. Focus primarily on the literature review and
the discussion of the findings.
The article presents findings regarding bug bounty programs and their effectiveness in incentivizing hackers to report vulnerabilities. First, it highlights that hackers tend to be price insensitive, suggesting that bug bounty rewards may not need to be high to attract submissions. This could entice smaller companies to use bug bounty programs to improve their cybersecurity. Second, the study indicates that a company’s size and profile do not significantly impact the number of bug reports it receives. This implies that bug bounty programs can be equally effective for smaller or less prestigious companies, leveling the playing field in terms of cybersecurity resilience. The study also suggests that the establishment of new bug bounty programs does not significantly affect the number of bug reports received by companies. This implies that the benefits of bug bounty programs persist even as their number increases, offering continued value for organizations investing in them. The research finds that bug bounty programs tend to receive fewer reports as they age. Expanding the scope of these programs could help mitigate this decline, providing an avenue for maintaining their effectiveness over time. Lastly, the article acknowledges that, despite the insights gained, further research is needed to fully understand the dynamics of bug bounty programs.