Darius Burks
Journal 13
This article discusses bug bounty programs and their economic implications. It focuses on six policy areas: Vulnerability Disclosure Policies, financial incentives, economic behaviors in firms, public vs. private programs, the financial and operational costs of bug bounty programs, and the economic value of bug bounties. The effectiveness and growth of bug bounty programs are influenced by financial incentives and by the market dynamics of hacker supply and demand. A major factor is that a large percentage of companies (93% of firms) lack Vulnerability Disclosure Policies (VDPs). The lack of VDPs prevents third-party researchers from submitting vulnerabilities to organizations without fear of legal consequences.