Journal Entry #13

A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company's cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to explore the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefit principles. Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.

Bug bounty policies are an interesting way for companies to use freelance hackers to identify vulnerabilities within their systems. Of course, there are negatives and a fear of backlash, but the literature suggests that the benefits of these programs outweigh the negatives. Firstly, they give companies, both big and small, the opportunity to have their systems thoroughly reviewed. In larger companies, these types of vulnerabilities are often overlooked, and smaller companies may not have been able to afford to pay hackers to scrutinize their systems. The authors compile a dataset from HackerOne covering August 2014 to January 2020, with observations from many different programs totaling over 50,000 reports. These reports came from companies of all sizes and serve as a good gauge of the current state of the bug bounty market. The findings suggest that the supply of hacker effort is price-inelastic: the number of reports a program receives does not change much as the bounty amount changes. In other words, the hackers participating in these programs did not appear overly concerned with the bounty itself and were more focused on gaining experience and increasing their notoriety. More notoriety equals a stronger reputation, which ultimately leads to more opportunities for career growth. It seems the hackers were more focused on their personal growth than on the bounties. Additionally, older programs tend to receive fewer reports, which makes sense, since the easier-to-find bugs have presumably already been reported, and certain fields, such as medical, receive fewer reports than others. In conclusion, bug bounty programs are effective at producing an economy for cybersecurity specialists, as they ultimately benefit both parties involved.
