A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try to explore the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefit principles. Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.
“Hacking for Good: Leveraging HackerOne Data to Develop an Economic Model of Bug Bounties” by Kiran Sridhar and Ming Ng examines how bug bounty programs work and their impact. The article's literature review shows how cybersecurity practices have changed and focuses on the cost-effectiveness of bug bounties versus conventional methods. The article also shows the benefits of these programs when it comes to finding and fixing security vulnerabilities. Sridhar and Ng discovered that ethical hackers are spurred by more than just money. Companies with smaller budgets benefit from researchers driven by the challenge and the potential for professional recognition. Company size or revenue does not significantly impact the number of reported vulnerabilities, which is beneficial for smaller companies. There is a need for clear vulnerability disclosure policies (VDPs). Researchers hesitate to report issues because of legal concerns. Companies that have VDPs have transparent environments that encourage researchers to report problems without fear of reprisal.