Instructions:
A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try to explore the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefits principles. Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.
The article “Hacking for good: Leveraging HackerOne data to develop an economic model of Bug Bounties” researches and analyzes the way in which bug bounty programs are a cost-effective way to improve an organization’s cybersecurity. The literature review highlights the popularity of these programs, particularly among low-funded companies that use them to get support for their cybersecurity infrastructure. The programs give companies a way to reach talented hackers, and give the hackers experience and monetary gain. However, there is a concern about the inconsistency of these hackers and the amount of trust between them and companies. The review continues by discussing past studies, which found that hackers are motivated primarily by reputation, skill development and ethical concerns. The review concludes by stating what the rest of the article will add to the conversation: a more comprehensive look at public and private programs, instrumental variables and price elasticity.
In the discussion of findings, the article analyzes real-world data from bug bounty programs over time and offers insights into their results. A notable finding was that the severity and number of vulnerabilities tend to lessen during the program. New hackers also join and contribute during the programs, but the more experienced hackers tackle the more difficult tasks. Another notable finding was that high financial incentives were not necessary to get better support from the hackers. Overall, the article illustrates that a bug bounty program needs to be well maintained and needs clear, open communication with hackers to be effective.