Journey Entry #12

Bug Bounty Policies

A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try to explore the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefit principles. Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.

The bug bounty policy makes sense for all parties involved. It allows freelance hackers to earn honest pay, rather than having to go through criminal means to obtain money. Hackers, at least white-hat hackers, tend to be motivated by either an interest in knowledge or a sense of wanting to protect those less fortunate and knowledgeable than them against black-hat hackers. Most are actually motivated by both. When companies use a policy like the bug bounty policy, it allows white-hat hackers, both those with years under their belt and those just now learning, to get some hands-on experience and become better at what they do. Companies don’t have to worry about paying an employee for not doing their job or doing something that will benefit the company, because they are only paying the person once the exploit has been shared with the company. This is especially good for smaller businesses, because they are able to employ many different people, and they do not have to compete with bigger companies, because many times the pay is not what the hacker is worried about. This means that every business, small and large, can do this and reap the benefits financially and have better security as a whole. Every hacker is also able to choose what company they would like to work for, and does not have to worry about clocking in and out. They can operate on the hours they want, for however long they want, be paid a substantial amount when they do find a bug, and gain the most important thing a person can: more knowledge.
