IRMA-International.org: Creator of Knowledge
Information Resources Management Association
Advancing the Concepts & Practices of Information Resources Management in Modern Organizations

Bug Bounty Marketplaces and Enabling Responsible Vulnerability Disclosure: An Empirical Analysis

Author(s): Hemang Chamakuzhi Subramanian (Florida International University, Miami, USA) and Suresh Malladi (Cybersecurity Researcher & Consultant, Fayetteville, USA)
Copyright: 2020
Volume: 31
Issue: 1
Pages: 26
Source title: Journal of Database Management (JDM)
Editor(s)-in-Chief: Keng Siau (Missouri University of Science and Technology, USA)
DOI: 10.4018/JDM.2020010103

Abstract

Cybercrime caused by exploited vulnerabilities bears a huge burden on societies. Most of these vulnerabilities are detectable, and the damage is preventable if software vendors and firms that deploy such software adopt the right practices. Bug Bounty Programs (BBPs) by vendors and intermediaries are one of the most important creations in recent years that help software vendors to create marketplaces and to detect and prevent such exploits. This article develops the theory of BBPs and presents a typology of BBPs using established theories of incentive compatibility and mechanism design. The authors empirically analyze the market creation function of BBPs using granular data from two different types of BBPs on a popular intermediary platform. The research findings suggest that BBPs are valuable opportunities to source vulnerabilities in software; nevertheless, the rate of disclosure and hacker participation marginally increase with vendor's rewards and other incentives. Similarly, the results show that security researchers are motivated to contribute to BBPs that offer higher remuneration and not just those programs with a higher likelihood for bug discovery. Our findings will help researchers and practitioners in information security and allied domains to develop a theoretical and empirical perspective of BBPs, and their usefulness to curb incidents of cybercrime.
