Title

Crowdsourced cybersecurity innovation: The case of the Pentagon's vulnerability reward program

RIS ID

128913

Publication Details

Chatfield, A. T. & Reddick, C. G. (2018). Crowdsourced cybersecurity innovation: The case of the Pentagon's vulnerability reward program. Information Polity: An International Journal of Government and Democracy in the Information Age, 23 (2), 177-194.

Abstract

The U.S. federal government and its agencies face increasingly sophisticated and persistent cyberattacks from black hat hackers who breach cybersecurity for malicious purposes or for personal gain. With the rise of malicious attacks that caused untold financial damage and substantial reputational damage, private-sector high-tech firms such as Google, Microsoft and Yahoo adopted an innovative practice known as vulnerability reward program (VRP) or bug bounty program which crowdsources software bug detection from the cybersecurity community. In an alignment with the 2016 U.S. Cybersecurity National Action Plan, the Department of Defense adopted a pilot VRP in 2016. We use the Pentagon's VRP case to examine how it fits with the national cybersecurity policy. Our case study results show the feasibility of the government adoption and implementation of the innovative concept of VRP to enhance the government cybersecurity posture as well as the need to develop sophisticated cybersecurity policy and enhanced cybersecurity capability.

Please refer to publisher version or contact your library.

Share

COinS
 

Link to publisher version (DOI)

http://dx.doi.org/10.3233/IP-170058