A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure.  To identify the vulnerabilities, ethical hackers are invited to try explore the cyber infrastructure using their penetration testing skills.  The policies relate to economics in that they are based on cost/benefits principles.  Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=trueLinks to an external site.  and write a summary reaction to the use of the policies in your journal.  Focus primarily on the literature review and the discussion of the findings.

After reading the article I was shocked to find that according to HackerOne, 93% of companies in the Forbes Global 200 lack vulnerability disclosure policies. These policies allow security personnel to submit bugs to organizations without being sued. It is important to have policies in place that allow personnel to test and identify vulnerabilities in a company’s cyber infrastructure without being sued because it keeps the company, employees, and customers safer than without the tests. The reason why they have these policies as well is to make sure these tests are done with consent of the company in order to improve the infrastructure, instead of just trying to harm the company. It also states that there could have been multiple bugs that just weren’t allowed to be mentioned because of the fear of being sued.