A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try to explore the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefits principles. Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.
The concept of bug bounties is an interesting approach to cybersecurity. The idea, however, is not entirely new. Companies have long hired beta-testers and debuggers to help find issues with a program’s coding. The potential issue with this is addressed in this article, however. While having a team of dedicated testers can help fix a majority of issues, some critical flaws will most likely be overlooked. Offering payment or “bounties” for security flaws is a cost-effective way for a company to “employ” a significant number of individuals to search for hidden flaws that could result in attacks later on.
This article draws attention to a few critical points that bug bounties currently face. Depending on the motives behind the individuals working to claim these bounties, whether it be money, fame, or some other motive, various companies are able to hire these “ethical hackers” to find issues. Even smaller companies, with their decreased budgets, have access to newer hackers who are looking to gain experience and fame as they attempt to make a name for themselves. While this process is far from a perfect solution, it is a big step in attempting to fix hidden vulnerabilities that may otherwise become a key access point for a future attack.