Bug Bounty Program

According to Kiran and Ming (2021), “We ran a study of bug bounties, programs where gig economy security researchers are compensated for pinpointing and explaining vulnerabilities in company code bases”. Bug bounty programs are useful for finding vulnerabilities in your system. The way I like to explain bug bounty programs is that they are like preseason games: a live look at your team from someone who isn’t familiar with your usual tendencies. They challenge your current team’s game plan to see how viable it actually is. In practice and in theory your plan might be perfect, but how does it hold up to live, real-world application? In the article they found that bug bounties are effective for companies of all sizes. I can see the reasoning there, because not everything is perfect all the time, and someone with a different set of eyes may bring to light things we couldn’t see while working there every day. The other finding they ended up with is that different industries will bring in different numbers of reports. I expected this as well, because a blog website may not have the resources and budget to allocate toward cybersecurity like a credit card processor might.

Reference

Kiran Sridhar, Ming Ng, Hacking for good: Leveraging HackerOne data to develop an economic model of Bug Bounties, Journal of Cybersecurity, Volume 7, Issue 1, 2021, tyab007, https://doi.org/10.1093/cybsec/tyab007
