A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try to explore the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefit principles. Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.

The article showed how bug bounty programs have become an important part of modern cybersecurity as organizations struggle with talent shortages. I like how the authors highlighted gaps in previous research, mainly that the earlier studies relied on limited public data and couldn’t capture the full dynamics of hacker participation. Also, their use of the large HackerOne dataset directly addresses that problem. But what stood out most in the findings is that bounty size has only a small effect on how many valid vulnerabilities researchers submit. I think this suggests that hackers are motivated by a lot more than just money, which the earlier researchers didn’t fully prove. Overall, the findings support a broader adoption of bug bounty policies, especially for organizations with fewer resources.