A later module addresses cybersecurity policy through a social science framework.  At this point, attention can be drawn to one type of policy, known as bug bounty policies.  These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure.  To identify the vulnerabilities, ethical hackers are invited to try to explore the cyber infrastructure using their penetration testing skills.  The policies relate to economics in that they are based on cost/benefits principles.  Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true and write a summary reaction to the use of the policies in your journal.  Focus primarily on the literature review and the discussion of the findings.

Nolan Venezio

07/21/2024

Organizations refusing to have VDP policies can be extremely dangerous. These policies can benefit a company greatly by allowing individuals to discover issues within their systems. The bug bounty market appears to be growing but still isn’t large enough to get all companies on board. Some companies provide financial benefits for discovering these errors, making it enticing and fun to discover them. Other companies have policies that prevent individuals from submitting these errors over fear of being sued. This has serious negative effects on the population and economy. If a normal individual can identify a problem, then so can an attacker or bad state. These companies hold a lot of personal and financial information that, if leaked, can ruin a company or an individual’s life. These policies need to be revamped and upgraded to allow for these errors to become more identifiable and fixable before a major crash or breach occurs. They found that hackers mostly don’t find these errors for financial gain but for experience or entertainment. If many of these bugs are being discovered, there should be better care and focus on the companies to prevent these errors from occurring in the first place. New software updates will continue to allow for new vulnerabilities, allowing for the bug bounties to continue to be an industry that won’t go away. The hackers’ financial gains are different based upon what each company pays, leaving smaller companies with less money to afford more experienced hackers to identify problems. The article highlights the importance of the bug bounty market and how it benefits companies. Companies without proper policies need to update their policies to better allow for individuals to identify errors that can lead to dire consequences.

References

Sridhar, K., & Ng, M. (2021, March 12). Hacking for good: Leveraging HackerOne data to develop an economic model of Bug Bounties. OUP Academic. https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true