Bug Bounty Policies and Economics

ARTICLE URL: https://dojmt.gov/wp-content/uploads/Glasswasherparts.com_.pdf

Bug bounties could be extremely helpful to an organization, in more ways than one. It
allows them to learn about vulnerabilities they may have missed in the past. This means it can
significantly reduce the cost of data breaches, security training or recovery. Some bug bounties
can be taken up by hackers, programmers or anyone with technical knowledge outside of the
organization, allowing them to make extra money as well, after successfully completing a bug
bounty. The article explains that “results indicate that hackers are largely motivated by non-
monetary factors” (Sridhar and Ng). These other motivations include increased recognition, or
more experience within the field of cybersecurity. Overall bug bounties can relate to economy,
both in regards to the individual hacker, and to the overall costs of security for an organization.

References
Kiran Sridhar, Ming Ng, Hacking for good: Leveraging HackerOne data to develop an economic
model of Bug Bounties, Journal of Cybersecurity, Volume 7, Issue 1, 2021, tyab007,
https://doi.org/10.1093/cybsec/tyab0