Anmerkungen:
Nach Informationen von SSRN wurde die ursprüngliche Fassung des Dokuments August 15, 2022 erstellt
Beschreibung:
Bug bounty program is a business activity in which firms invite white-hat hackers around the world to identify vulnerabilities in their cyber systems. The paper proposes a model to quantify the normal cybersecurity spending with respect to the importance of information systems. An upper limit of normal cybersecurity spending is provided, which can be described as a percent of the total value of reports received from the bug bounty program. Moreover, this paper presents quantitative analytical modeling for minimizing the total cybersecurity cost of a firm by optimizing its cybersecurity budget plan after implementing the bug bounty program. With the two models, firms can determine not only the amount of cybersecurity spending that should be input to an information system, but also the optimal spending allocation among the segments of the information system. Lastly, this paper analyzes requirements that make implementing bug bounty program a better choice