Journal Entry # 10 (Module 11 #2)

Date Created: 07/21/2024

Topic: Cybersecurity Policies

The article provides a comprehensive analysis of how bug bounty programs and vulnerability disclosure policies (VDPs) can significantly enhance a company’s cybersecurity posture by engaging freelance security researchers, also known as ethical hackers.

The literature review elaborates on two primary rationales for these programs: addressing the severe worldwide shortage of cybersecurity professionals, and applying Linus's Law ("given enough eyeballs, all bugs are shallow"), which posits that a large, diverse pool of outside researchers uncovers vulnerabilities that an internal team may overlook. Variables such as program age, industry, brand profile, and bounty amounts, among others, are evaluated to understand how they influence the quantity and quality of vulnerability reports a company receives.

The study reveals several significant findings. One of the crucial insights is that hackers are relatively price insensitive: raising bounty amounts does not produce a proportional increase in the number of reports. This means smaller companies with fewer resources can still benefit from bug bounty programs, because ethical hackers are not driven solely by monetary rewards but also by non-monetary factors such as reputation and experience.

Additionally, the article finds that a company's size and profile do not significantly affect the number of reports it receives. This is good news for smaller and lesser-known entities, as it democratizes access to cybersecurity talent. The study also identifies industry-specific effects, noting that the finance, retail, and healthcare sectors receive fewer vulnerability reports, possibly because vulnerabilities in these industries are easier to monetize illicitly, so a bounty competes with a black-market payout and fewer researchers choose to report.

However, the research also acknowledges the limitations and gaps that remain in the current understanding of bug bounty programs. While the methodology is robust in addressing endogeneity issues, variables such as program scope (which assets are eligible) and bug severity remain unmeasured, leaving some variation in the data unexplained. In conclusion, the article emphasizes the significant role bug bounty programs play in modern cybersecurity while highlighting the need for further research to refine understanding and improve these programs' effectiveness, particularly as they become more ubiquitous across industries.

Sources

Kiran Sridhar & Ming Ng. (2021). Hacking for good: Leveraging HackerOne data to develop an economic model of bug bounties. Journal of Cybersecurity, 7(1), tyab007. https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true

Published by: gbafu001 (Gloria Kandy Bafunye, ODU)