Journal Entry 13

Literary Review, the use of policies:

https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true

Essentially, bug bounties are like big games where companies invite people, hackers, to find problems with their websites, apps, or computer systems. These hackers aren’t bad guys; they’re actually good at finding mistakes that could let in the bad guys. When they find a problem, they tell the company about it, and in return, the company gives them a reward, or pay. It’s a reward for helping keep things safe and secure. Bug bounties are like a win-win situation: the company gets to fix problems before they cause any trouble, and the hackers get paid for their skills. Plus, it’s a way for companies to show they’re serious about keeping your information safe.

Hackers continuously look for methods of attack; therefore, measures must be taken to minimize risk. There are also many motivations behind these bounties, and this does not exclude lack of monetary gain. However, the article acknowledges a gap in empirical research concerning bug bounty programs, necessitating a comprehensive analysis to establish causality and discern the factors influencing program efficacy.

The article's findings include the price insensitivity of hackers, the insignificant impact of a company’s size and profile on vulnerability reports, and the diminishing returns of older bug bounty programs. The article concludes by delineating potential avenues for future research and emphasizing the crucial role of bug bounty programs in fortifying cybersecurity across diverse industries.
