Journal Entry #13

A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try exploring the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefits principles. Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.


After reading the article “Hacking for Good: Leveraging HackerOne Data to Develop an Economic Model of Bug Bounties” by Sridhar and Ng (2021), I gained a better understanding of how bug bounty programs function through both an economic and social science lens. The literature review explains that these programs allow companies to crowdsource cybersecurity testing by paying ethical hackers to find vulnerabilities. This approach is rooted in cost-benefit economics; organizations can often save money by rewarding external hackers rather than hiring large in-house security teams. The authors also discuss how motivation among ethical hackers isn’t purely financial; many participate for recognition, learning, and professional growth.

In the findings, I found it interesting that increasing bounty payouts only slightly increased valid reports, showing that money isn’t the main driver. The study also revealed that smaller companies can benefit just as much as large ones, making bug bounty programs a practical option for organizations with limited budgets. I was especially drawn to the “aging effect,” where older programs receive fewer new reports over time as easier vulnerabilities are fixed. I think the article highlights that successful bug bounty policies depend not only on financial incentives but also on social and psychological factors like reputation, trust, and motivation within the hacker community.
