Assignment Description: “A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try to explore the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefits principles. Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.”
The overall understanding I gained from the article is that bug bounty policies are a promising new area for cybersecurity issue detection for companies of all sizes and industries. Between the article’s points that hackers are price insensitive and that industry type does not produce a statistically significant change in reported bugs, I believe it when the article mentions that “Gartner projects that by 2022, 50% of enterprises will employ crowdsourced cybersecurity.” Something I’ve heard a lot in recent years is that companies should begin hiring a more diverse crowd of cybersecurity employees rather than just people who follow the typical college and career path, and I think the rise of bug hunting policies will be a major step in changing that. I think these policies will be especially important and more popular in smaller companies that can’t afford a great cybersecurity team but can afford to pay out the cheaper prices for freelance bug-hunters.