Journal Entry #12

Read this article and write a summary reaction to the use of the policies in your journal.

Bug bounty programs offer security researchers the ability to discover and report any cybersecurity vulnerability in an organization’s cyber infrastructure for compensation. Through crowdsourcing, organizations can gain insight into the mind of an attacker and understand how their infrastructure could be targeted in a real-life scenario. Researchers gain real-life experience, compensation, and no legal liability through penetration techniques and bug bounties. The provided article explains that this approach is very cost-effective for all kinds of organizations looking to tighten up their cybersecurity posture. As the article states, “Security researchers have a price elasticity of supply of between 0.1 and 0.2 at the median, indicating that they are largely motivated by non-pecuniary factors” (). Besides the large payout from bug bounties, researchers enjoy many of the other elements of bug bounty programs, such as the challenge and the ability to work on bug bounties at their leisure. In the bug bounty field, the brand or the organization’s revenue stream does not impact the number of bugs inside their infrastructure. Also, the article states that as programs grow older and bugs become harder to find, fewer valid reports are given by researchers. To combat this negative age effect, companies should see more bounty activity if more of the code base is opened up or if the targeted scope is widened.
