CYSE201

Article Review #1

Introduction

The article by Trinh, Dinh, and Tran (2025) examines the psychological traits of cybercriminals
and their broad implications for crime prevention. Using a systematic review of 1,200 studies
(with 45 meeting inclusion criteria), the authors bring attention to the connections between
psychology, criminology, and cybersecurity while giving recommendations for law, policy, and practice.

Relation to Social Science Principles

Cybercrime is not only a technological concern but also a social science concern because it
represents behavior, motivation, and social interaction online. The article connects criminology,
psychology, sociology, and law to explain cybercriminal behavior, applying theories like Routine
Activity and Deterrence Theory to digital contexts.

Listed below are the research question, hypotheses, and independent and dependent variables.

Research question: What psychological traits do cybercriminals have and how can those traits improve cybercrime prevention?

Hypotheses: Cybercriminals show specific psychological traits like narcissism, impulsivity, and tech proficiency that influence their behaviors.

Independent Variables: Psychological traits such as narcissism, impulsivity, and technical proficiency.

Dependent Variables: Cybercrime behaviors, like hacking, phishing, and fraud.

Research Methods


The writers used PRISMA guidelines to complete a literature review. They searched databases
like Web of Science and Google Scholar and applied strict criteria. NVivo and Excel were used for coding and thematic analysis.

Data and Analysis

The review combined qualitative and quantitative findings from past studies. Data types
included psychological assessments, case studies, and theoretical frameworks. The analysis
focused on identifying recurring traits, motivations, and trends in offender profiles.

Connection to PowerPoint Concepts

The article connects with the PowerPoint concepts: Routine Activity Theory (crime occurs with a
motivated offender, suitable target, lack of guardianship), Deterrence Theory (punishment reduces crime), and privacy vs. security balance.

Relevance to Marginalized Groups

Marginalized groups often face the most cybercrime, like identity theft, financial fraud, and
privacy breaches. The study shows that victims may experience stress, anxiety, and reputational
harm. Low-income communities are vulnerable because they may lack access to strong cybersecurity protections.

Contributions to Society

The study contributes to society by advocating for integrated policies that combine
psychological insights, international cooperation, and legal reforms. The recommendations that
were given included improving offender profiling, enhancing cybersecurity education, and strengthening defenses for critical infrastructure.

Conclusion

Trinh et al. (2025) provided an important bridge between psychology and cybersecurity,
showing that cybercrime prevention requires understanding human behavior as much as
technology. By applying social science principles and recommending multi-level strategies, the
study highlights paths toward reducing risks and protecting society from evolving digital threats.

References

Trinh, D. T., Dinh, T. C. H., & Tran, T. N. K. (2025). Exploring the psychological profile of
cybercriminals: A comprehensive review for improved cybercrime prevention. International
Journal of Cyber Criminology, 19(1), 114–137.
https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/452/133

Article #2

Introduction / BLUF

This article investigates how bug-bounty programs (crowdsourced vulnerability
discovery) function economically and what factors influence the number of valid
vulnerability reports organizations receive. The bottom line: Bug-bounty programs are
shown to be cost-effective and accessible even for smaller firms, because the supply of
ethical hackers is relatively price-inelastic, and firm size or brand prominence has limited effect on report volume.


Relation / Connection to Social-Science Principles

The study connects to several social-science principles:

  • Incentives and motivation: It explores how non-monetary motivations
    (reputation, community, altruism) influence hacker participation, beyond just payment amounts.
  • Crowdsourcing and collective action: The bug-bounty model taps into
    decentralized networks of ethical hackers, illustrating principles of volunteerism
    and group behavior.
  • Trust and transparency: Organizations need to build vulnerability disclosure
    policies and trustworthy relationships with hackers to encourage participation.
  • Inequality and access: The finding that smaller firms can benefit suggests
    democratization of cybersecurity talent, linking to social-justice/inequality themes.
  • Organizational behavior / change: Firms adopting bug-bounty programs
    represent shifts in internal practices and cybersecurity culture.
  • Risk perception and behavior: The authors discuss how firms’ willingness to
    adopt bug-bounty programs is tied to perceptions of cyber-risk and resource constraints.
  • Network effects and economic externalities: The study examines whether
    adding more programs increases competition or expands the hacker pool (positive network effect).

Research Question / Hypothesis / Independent Variable / Dependent Variable

  • Research Question: What factors determine how many valid vulnerability
    reports a firm’s bug-bounty program receives? Do firm size, brand profile, bounty
    amounts, program age, industry, and number of new programs influence report volume?
  • Hypotheses:
  1. Higher bounty amounts → more valid reports.
  2. Larger firms / stronger brands receive more reports.
  3. Older programs receive fewer valid reports over time.
  4. Entry of new bug-bounty programs may reduce reports for existing ones (competition) or increase them (network effect).
  • Independent Variables: Bounty amount, firm revenue/size, brand profile (proxy
    via Twitter followers), program age, industry dummy variables (finance, retail,
    healthcare, etc.), number of new programs in the month.
  • Dependent Variable: Number of valid vulnerability reports submitted to a firm’s program in a given month.

Types of Research Methods Used

The authors employ quantitative methods: they use a large panel dataset from the
bug-bounty platform HackerOne covering August 2014 to January 2020, comprising
thousands of observations. They apply econometric modelling
(regressions, instrumental variables) to control for endogeneity. They also mention
qualitative elements (interviews with HackerOne staff and researchers) but the core method is quantitative.

Types of Data Analysis Used

The authors use ordinary least squares (OLS) regressions and then move to two-stage
least squares (2SLS) with instrumental variables to address potential endogeneity. They
also perform fixed-effects regressions and robustness checks (e.g., using different
proxies for brand, bounty amounts) to test the stability of results.

Connections to Other Course Concepts

This study reinforces our module’s concept of cost-benefit analysis in cybersecurity
policy: bug-bounty programs are framed economically and the article provides
empirical support for their cost-effectiveness. It also links to human/social factors in
cybersecurity: understanding the motivations of hackers (social behavior) is crucial.
Further, the concept of incentive alignment (an agent vs principal issue) appears here
– organizations aligning incentives for external researchers. It challenges the
assumption that only large firms can benefit from advanced cybersecurity measures,
underscoring the democratizing effect of crowdsourced vulnerability discovery.

Connections to the Concerns or Contributions of Marginalized Groups

While the article does not specifically focus on marginalized groups, its finding that
smaller firms (which often have fewer resources) benefit from bug-bounty programs
connects indirectly to issues of resource inequality in cybersecurity. Smaller businesses
may lack internal specialists and thus are often underprotected; the crowdsourced
model opens opportunities for them to access security talent they couldn’t otherwise.
Also, because ethical hacking communities often include younger, freelance, global
participants (including students), there is a dimension of broadening access to security work, possibly empowering under-represented individuals.


Overall Societal Contributions of the Study / Conclusion

In conclusion, the study advances our understanding of how bug-bounty programs
operate as a cybersecurity policy instrument through the lens of economics and social
science. It shows that such programs are viable for firms of all sizes, highlighting their
potential to improve global cybersecurity resilience by tapping into distributed talent.
This contributes to society by suggesting a scalable, inclusive approach to vulnerability
discovery and reminding organizations to consider social dynamics (motivation,
network, culture) alongside technical measures. It also points to future directions:
measuring bug severity, expanding scope of programs, and further understanding hacker motivations will help refine policy design in this space.

Reference

Sridhar, K., & Ng, M. (2021). Hacking for Good: Leveraging HackerOne Data to Develop
an Economic Model of Bug Bounties. Journal of Cybersecurity, 7(1).
https://doi.org/10.1093/cybsec/tyab007