Nathan Guman
CYSE 201S Cyber Security and Social Science
Journal Entry 13
A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try to explore the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefits principles. Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.
One of the best ways to test the vulnerabilities of something you created is to ask yourself: if you had to break it, how would you do it? This is what bug bounties are all about. Bug bounty policies, or the testing of security systems by trusted professionals, have a long history. For as long as things have needed to be kept safe and secure, the only way to truly see if they were either was to test them. This article provided information on the bug bounty market, finding that bug bounties are an effective and cost-effective way to test systems, one that allows the system to be tested without the risk of compromise. If nothing else, the ability to say your system has been tested by professionals instills confidence in the product and can economically benefit the company by lending credibility and security to its practices.