Journal A: Case Study — Describe how two different economic theories and a Sample Data Breach Notification relate. https://dojmt.gov/wp-content/uploads/Glasswasherparts.com_.pdf
After reading the breach notification letter, the two economic theories that most closely relate to it are who knows. The letter seems pretty common. There were 4 theories in the slides provided, but after a quick Google search, I believe that the ET of this breach more closely aligns with: classical, whereby the company regulates itself. This is seen by them notifying the patrons and the authorities. There are laws in place for the notification of these breaches, so I don’t know if this is 100% compulsion or goodwill. The other ET would probably be Marxism, as the breached company used a third party (likely as a cost-saving measure or due to infrastructure/manning issues) like a bourgeoisie uses the proletariat. Without seeing more of the company, this could also be laissez-faire because the company reached out to the customer in a goodwill gesture. BUT again, I am not sure about the compulsion.
Journal B: Summary/reaction of Hacking for good: Leveraging HackerOne data to develop an economic model of Bug Bounties. https://doi.org/10.1093/cybsec/tyab007
The first thing I read was the acknowledgements and funding portions of the article, as they can sometimes give me a sense of the writer’s bias, if any exists. In this instance, the article was funded, reviewed, and aided by former/current HackerOne employees. With this in mind, the tone of the article felt as if it was justifying or convincing the reader to look into bug bounties as a viable alternative to well-known security research companies. At their core, bug bounties and traditional pen testing companies provide the same service, which is to test and see if there are vulnerabilities that could be exploited. Overall, I see bug bounties as the free market leveraging its innovation and abilities towards a deficit in cybersecurity professionals.