The bug bounty policies mentioned in the article incentivize individuals to uncover vulnerabilities within a company’s cyber infrastructure. Ethical hackers, equipped with penetration testing skills, are invited to explore the infrastructure and identify potential weaknesses. These policies operate on cost-benefit principles, aiming to strike a balance between investment in security and the value of discovering and addressing vulnerabilities. By rewarding ethical hackers, companies enhance their security posture while maintaining an economically viable approach. 

Kiran Sridhar, Ming Ng, Hacking for good: Leveraging HackerOne data to develop an economic model of Bug Bounties, Journal of Cybersecurity, Volume 7, Issue 1, 2021, tyab007, https://doi.org/10.1093/cybsec/tyab007
