A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure.  To identify the vulnerabilities, ethical hackers are invited to try explore the cyber infrastructure using their penetration testing skills.  The policies relate to economics in that they are based on cost/benefits principles.  Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=trueLinks to an external site.  and write a summary reaction to the use of the policies in your journal.  Focus primarily on the literature review and the discussion of the findings.

Utilizing third-party gig-economy security researchers (hackers) is probably the most effective way for an organization to understand it’s cybersecurity shortcomings. While this way is flawed, the mindset and social structure of hackers creates a cost effective, competitive market for these contract services and is good for companies to utilize. I think if the vetting process for hiring these contractors and repercussions for mishandling bugs and vulnerabilities is addressed, this could be a very sustainable market for hackers for quite some time given the shortage of in-house cybersecurity positions. The gap in bug bounties in the small and medium enterprises (SMEs) is something that requires attention and creates a roadblock for smaller companies who can’t compete with large corporations.