A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company\u2019s cyber infrastructure.\u00a0 To identify the vulnerabilities, ethical hackers are invited to try explore the cyber infrastructure using their penetration testing skills.\u00a0 The policies relate to economics in that they are based on cost\/benefits principles.\u00a0 Read this article https:\/\/academic.oup.com\/cybersecurity\/article\/7\/1\/tyab007\/6168453?login=trueLinks to an external site.\u00a0 and write a summary reaction to the use of the policies in your journal.\u00a0 Focus primarily on the literature review and the discussion of the findings. <\/p>\n\n\n\n
After reading the article I was shocked to find that according to HackerOne, 93% of companies in the Forbes Global 200 lack vulnerability disclosure policies. These policies allow security personnel to submit bugs to organizations without being sued. It is important to have policies in place that allow personnel to test and identify vulnerabilities in a company\u2019s cyber infrastructure without being sued because it keeps the company, employees, and customers safer than without the tests. The reason why they have these policies as well is to make sure these tests are done with consent of the company in order to improve the infrastructure, instead of just trying to harm the company. It also states that there could have been multiple bugs that just weren\u2019t allowed to be mentioned because of the fear of being sued.<\/p>\n","protected":false},"excerpt":{"rendered":"
A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company\u2019s cyber infrastructure.\u00a0 To identify the vulnerabilities, ethical hackers are invited to try explore the cyber infrastructure using… <\/p>\n