Prompt: At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try to explore the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefits principles. Read this article and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.
https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true
After reading this article, it is very clear that bug bounties help companies strengthen their cybersecurity posture while also performing cost-benefit analysis. In the long run, it is better financially for companies to pay for vulnerabilities (bugs) to be found by ethical hackers and remediate the issue before it is used maliciously rather than waiting for a zero-day attack to happen against them. Although many of these bug bounties are in the thousands or millions of dollars, this is still cheaper than the potential of a major cybersecurity incident taking systems offline or potentially holding them for ransom. The literature review shows how bug bounties are operated as well as how some of the major companies and government agencies benefit from them.