This journal article delves deeper into the article given and shows the role played by VDPs and Bug Bounty Programs in improving cybersecurity. Despite some controversy at their introduction, both initiatives have seen significant uptake in recent years due to their success in uncovering previously unknown cybersecurity vulnerabilities. The article's empirical contribution is an analysis of the determinants of the effectiveness of Bug Bounty Programs, using inquiry-driven econometric methods such as robust regression models and instrumental variable strategies to establish causality and to address endogeneity concerns that could cloud the results of ordinary regression. The authors re-examine the controversial conclusion that hackers are 'price insensitive', the source-code type hypotheses explaining the differences in vulnerability reporting across industries, and the effectiveness of BBPs as tools in cybersecurity risk management. They also discuss the sources of bias in the results and highlight policy implications that can help practitioners and researchers strengthen organizational cybersecurity defenses.