When reading the academic article on Bug Bounty policy, there were a few key facts mentioned that caught my attention. One of the statistics mentioned in the literature review is that “60% of small businesses shut down within 6 months of suffering a major breach”  (Sridhar and Ng). Another statistic that I found intriguing was the fact that JP Morgan chase spends over half a billion dollars annually on Cybersecurity. The main purpose of the article is to provide evidence that bug bounty policies actually improve Cybersecurity for all companies that utilize them, and not just larger more wealthy organizations. At first thought, I agreed with the idea that larger companies would likely be more capable of paying more for seasoned hackers versus smaller companies who may not be able to afford the best of the best. This isn’t necessarily a bad thing though, as it gives an opportunity for newer hackers to learn the ropes and master their craft. Interestingly enough though, the article found that most hackers are price insensitive, as most are either looking to gain experience or driven by other non-monetary factors, and bug bounties were found to be beneficial to companies of all sizes. Overall, I found this article very informative, and maybe it can be something I consider trying later on when I’m looking to gain hacking experience.

Works Cited

Sridhar, Kiran, and Ming Ng. “Hacking for Good: Leveraging HackerOne Data to Develop an Economic Model of Bug Bounties.” Journal of Cybersecurity, vol. 7, no. 1, Jan. 2021, https://doi.org/10.1093/cybsec/tyab007. Accessed 22 Aug. 2021.