Sam Garden 4/3/24
A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try to explore the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefits principles. Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.
According to HackerOne, 93% of companies in the Forbes Global 200 lack vulnerability disclosure policies. These policies are important for allowing security researchers to submit bugs to organizations without the risk of being sued. Having these policies in place ensures the company’s safety from economic damages. This also keeps customers safe. These policies are in place to ensure that these tests are conducted with the company’s permission in an effort to enhance the infrastructure rather than merely to do harm to the business. The article also claims that there may have been other bugs that were simply forbidden from being discussed for fear of legal consequences.