Crowdsourced cybersecurity innovation: The case of the Pentagon’s vulnerability reward program.

Saved in:
Bibliographic Details
Title: Crowdsourced cybersecurity innovation: The case of the Pentagon’s vulnerability reward program.
Authors: Chatfield, Akemi Takeoka1, Reddick, Christopher G.2 chris.reddick@utsa.edu., Chun, Soon Ae, Adam, Nabil R., Noveck, Beth
Source: Information Polity: The International Journal of Government & Democracy in the Information Age. 2018, Vol. 23 Issue 2, p177-194. 18p. 2 Color Photographs, 1 Chart, 2 Graphs.
Subject Terms: Computer hackers, Cyberterrorism, Internet security, Malware
Company/Entity: United States. Dept. of Defense
Abstract: The U.S. federal government and its agencies face increasingly sophisticated and persistent cyberattacks from black hat hackers who breach cybersecurity for malicious purposes or for personal gain. With the rise of malicious attacks that caused untold financial damage and substantial reputational damage, private-sector high-tech firms such as Google, Microsoft and Yahoo adopted an innovative practice known as vulnerability reward program (VRP) or bug bounty program which crowdsources software bug detection from the cybersecurity community. In an alignment with the 2016 U.S. Cybersecurity National Action Plan, the Department of Defense adopted a pilot VRP in 2016. We use the Pentagon’s VRP case to examine how it fits with the national cybersecurity policy. Our case study results show the feasibility of the government adoption and implementation of the innovative concept of VRP to enhance the government cybersecurity posture as well as the need to develop sophisticated cybersecurity policy and enhanced cybersecurity capability. [ABSTRACT FROM AUTHOR]
Copyright of Information Polity: The International Journal of Government & Democracy in the Information Age is the property of Sage Publications Inc. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Education Research Complete
Full text is not displayed to guests.
FullText Links:
  – Type: pdflink
Text:
  Availability: 1
Header DbId: ehh
DbLabel: Education Research Complete
An: 130475517
AccessLevel: 6
PubType: Academic Journal
PubTypeId: academicJournal
PreciseRelevancyScore: 0
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: Crowdsourced cybersecurity innovation: The case of the Pentagon’s vulnerability reward program.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22Chatfield%2C+Akemi+Takeoka%22">Chatfield, Akemi Takeoka</searchLink><relatesTo>1</relatesTo><br /><searchLink fieldCode="AR" term="%22Reddick%2C+Christopher+G%2E%22">Reddick, Christopher G.</searchLink><relatesTo>2</relatesTo><i> chris.reddick@utsa.edu.</i><br /><searchLink fieldCode="AR" term="%22Chun%2C+Soon+Ae%22">Chun, Soon Ae</searchLink><br /><searchLink fieldCode="AR" term="%22Adam%2C+Nabil+R%2E%22">Adam, Nabil R.</searchLink><br /><searchLink fieldCode="AR" term="%22Noveck%2C+Beth%22">Noveck, Beth</searchLink>
– Name: TitleSource
  Label: Source
  Group: Src
  Data: <searchLink fieldCode="JN" term="%22Information+Polity%3A+The+International+Journal+of+Government+%26+Democracy+in+the+Information+Age%22">Information Polity: The International Journal of Government & Democracy in the Information Age</searchLink>. 2018, Vol. 23 Issue 2, p177-194. 18p. 2 Color Photographs, 1 Chart, 2 Graphs.
– Name: Subject
  Label: Subject Terms
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Computer+hackers%22">Computer hackers</searchLink><br /><searchLink fieldCode="DE" term="%22Cyberterrorism%22">Cyberterrorism</searchLink><br /><searchLink fieldCode="DE" term="%22Internet+security%22">Internet security</searchLink><br /><searchLink fieldCode="DE" term="%22Malware%22">Malware</searchLink>
– Name: SubjectCompany
  Label: Company/Entity
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22United+States%2E+Dept%2E+of+Defense%22">United States. Dept. of Defense</searchLink>
– Name: Abstract
  Label: Abstract
  Group: Ab
  Data: The U.S. federal government and its agencies face increasingly sophisticated and persistent cyberattacks from black hat hackers who breach cybersecurity for malicious purposes or for personal gain. With the rise of malicious attacks that caused untold financial damage and substantial reputational damage, private-sector high-tech firms such as Google, Microsoft and Yahoo adopted an innovative practice known as vulnerability reward program (VRP) or bug bounty program which crowdsources software bug detection from the cybersecurity community. In an alignment with the 2016 U.S. Cybersecurity National Action Plan, the Department of Defense adopted a pilot VRP in 2016. We use the Pentagon’s VRP case to examine how it fits with the national cybersecurity policy. Our case study results show the feasibility of the government adoption and implementation of the innovative concept of VRP to enhance the government cybersecurity posture as well as the need to develop sophisticated cybersecurity policy and enhanced cybersecurity capability. [ABSTRACT FROM AUTHOR]
– Name: AbstractSuppliedCopyright
  Label:
  Group: Ab
  Data: <i>Copyright of Information Polity: The International Journal of Government & Democracy in the Information Age is the property of Sage Publications Inc. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.)
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=ehh&AN=130475517
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.3233/IP-170058
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 18
        StartPage: 177
    Subjects:
      – SubjectFull: Computer hackers
        Type: general
      – SubjectFull: Cyberterrorism
        Type: general
      – SubjectFull: Internet security
        Type: general
      – SubjectFull: Malware
        Type: general
      – SubjectFull: United States. Dept. of Defense
        Type: general
    Titles:
      – TitleFull: Crowdsourced cybersecurity innovation: The case of the Pentagon’s vulnerability reward program.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Chatfield, Akemi Takeoka
      – PersonEntity:
          Name:
            NameFull: Reddick, Christopher G.
      – PersonEntity:
          Name:
            NameFull: Chun, Soon Ae
      – PersonEntity:
          Name:
            NameFull: Adam, Nabil R.
      – PersonEntity:
          Name:
            NameFull: Noveck, Beth
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 04
              Text: 2018
              Type: published
              Y: 2018
          Identifiers:
            – Type: issn-print
              Value: 15701255
          Numbering:
            – Type: volume
              Value: 23
            – Type: issue
              Value: 2
          Titles:
            – TitleFull: Information Polity: The International Journal of Government & Democracy in the Information Age
              Type: main
ResultId 1