IRMA-International.org: Creator of Knowledge
Information Resources Management Association
Advancing the Concepts & Practices of Information Resources Management in Modern Organizations

Bug Bounty Marketplaces and Enabling Responsible Vulnerability Disclosure: An Empirical Analysis

Author(s): Hemang Chamakuzhi Subramanian (Florida International University, Miami, USA) and Suresh Malladi (Cybersecurity Researcher & Consultant, Fayetteville, USA)
Copyright: 2020
Volume: 31
Issue: 1
Pages: 26
Source title: Journal of Database Management (JDM)
Editor(s)-in-Chief: Keng Siau (City University of Hong Kong, Hong Kong SAR)
DOI: 10.4018/JDM.2020010103


Abstract

Cybercrime caused by exploited vulnerabilities imposes a huge burden on societies. Most of these vulnerabilities are detectable, and the damage is preventable if software vendors and firms that deploy such software adopt the right practices. Bug Bounty Programs (BBPs) by vendors and intermediaries are one of the most important creations in recent years that help software vendors to create marketplaces and to detect and prevent such exploits. This article develops the theory of BBPs and presents a typology of BBPs using established theories of incentive compatibility and mechanism design. The authors empirically analyze the market creation function of BBPs using granular data from two different types of BBPs on a popular intermediary platform. The research findings suggest that BBPs are valuable opportunities to source vulnerabilities in software; nevertheless, the rate of disclosure and hacker participation increase marginally with vendors' rewards and other incentives. Similarly, the results show that security researchers are motivated to contribute to BBPs that offer higher remuneration and not just those programs with a higher likelihood for bug discovery. Our findings will help researchers and practitioners in information security and allied domains to develop a theoretical and empirical perspective of BBPs and their usefulness to curb incidents of cybercrime.
