This article provided insight into what “bug bounties” are and how companies use them to find vulnerabilities in their digital infrastructure: a freelance hacker submits a report, the company fixes the issue, and the hacker is rewarded for the finding. Companies use bug bounties to get these vulnerabilities found and patched, but the article found that bug bounties are not used equally across fields. It stated that fields like finance and healthcare do not employ bug bounties because they store personally identifiable information (PII), and a hacker working the bounty could, if the PII were there, store and sell it on the black market, where, according to the article, PII is a high seller. Bug bounties do have the allure of drawing in new “talent” (hackers) who try to grow their reputation by completing bounties, but the article also discussed that as these hackers grow in reputation, the draw fades and they may only want to take part in high-reward bounties. These high-reward bounties could come from companies like Google, which keep such hackers on a retainer so they can employ them when they want a bug found. Lastly, the findings showed that as these programs go on, they receive fewer reports over time, which can force the companies that rely on bug bounties to find vulnerabilities to contract actual cybersecurity firms to test and defend their systems, meaning they would have to spend more money on that side of their cybersecurity department.