Module 13

A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try to explore the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefits principles. Read this article and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.

https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true

The article “Hacking for Good: Leveraging HackerOne Data to Develop an Economic Model of Bug Bounties” by Kiran Sridhar and Ming Ng examines bug bounty programs and their economic impact on cybersecurity. It finds that monetary rewards are not the primary motivation for hackers participating in these programs. Instead, the study highlights other driving forces, suggesting that even companies with limited resources can benefit from these policies. As bug bounty programs age, they tend to receive fewer reports, but expanding their scope could counter this decline. The way the study was done helps ensure trustworthy results. However, because the severity and scope of vulnerability reports weren’t measured, more research is needed in these specific areas. Overall, the research sheds light on bug bounty programs’ impact on cybersecurity, providing valuable insights for companies and policymakers and emphasizing the need for deeper exploration in this field.
