English
Related papers

Related papers: Given Enough Eyeballs, All Bugs Are Shallow? Revis…

200 papers

Recently, bug-bounty programs have gained popularity and become a significant part of the security culture of many organizations. Bug-bounty programs enable organizations to enhance their security posture by harnessing the diverse expertise…

Cryptography and Security · Computer Science 2023-02-27 Soodeh Atefi , Amutheezan Sivagnanam , Afiya Ayman , Jens Grossklags , Aron Laszka

Background: While bug bounty programs are not new in software development, an increasing number of companies, as well as open source projects, rely on external parties to perform the security assessment of their software for reward.…

Software Engineering · Computer Science 2017-09-20 Hideaki Hata , Mingyu Guo , M. Ali Babar

Despite significant popularity, the bug bounty process has remained broadly unchanged since its inception, with limited implementation of gamification aspects. Existing literature recognises that current methods generate intensive resource…

Cryptography and Security · Computer Science 2020-09-23 Jamie O'Hare , Lynsay A. Shepherd

Bug bounty programs, where external agents are invited to search and report vulnerabilities (bugs) in exchange for rewards (bounty), have become a major tool for companies to improve their systems. We suggest augmenting such programs by…

Theoretical Economics · Economics 2024-03-15 Hans Gersbach , Fikri Pitsuwan , Pio Blieske

Systems and blockchains often have security vulnerabilities and can be attacked by adversaries, with potentially significant negative consequences. Therefore, infrastructure providers increasingly rely on bug bounty programs, where external…

Theoretical Economics · Economics 2023-09-06 Hans Gersbach , Akaki Mamageishvili , Fikri Pitsuwan

Bug bounty programs have contributed significantly to security in technology firms in the last decade, but little is known about the role of reward incentives in producing useful outcomes. We analyze incentives and outcomes in Google's…

Software Engineering · Computer Science 2025-09-23 Serena Wang , Martino Banchio , Krzysztof Kotowicz , Katrina Ligett , R. Preston McAfee , Eduardo' Vela'' Nava

Software vulnerabilities enable exploitation by malicious hackers, compromising systems and data security. This paper examines bug bounty programs (BBPs) that incentivize ethical hackers to discover and responsibly disclose vulnerabilities…

Cryptography and Security · Computer Science 2024-04-29 Esther Gal-Or , Muhammad Zia Hydari , Rahul Telang

Bug bounties have become increasingly popular in recent years. This paper discusses bug bounties by framing these theoretically against so-called platform economy. Empirically the interest is on the disclosure of web vulnerabilities through…

Cryptography and Security · Computer Science 2018-05-28 Jukka Ruohonen , Luca Allodi

Although researchers have characterized the bug-bounty ecosystem from the point of view of platforms and programs, minimal effort has been made to understand the perspectives of the main workers: bug hunters. To improve bug bounties, it is…

Cryptography and Security · Computer Science 2023-03-09 Omer Akgul , Taha Eghtesad , Amit Elazari , Omprakash Gnawali , Jens Grossklags , Michelle L. Mazurek , Daniel Votipka , Aron Laszka

Researchers have investigated the bug bounty ecosystem from the lens of platforms, programs, and bug hunters. Understanding the perspectives of bug bounty report reviewers, especially those who historically lack a security background and…

Software Engineering · Computer Science 2025-02-04 Jessy Ayala , Steven Ngo , Joshua Garcia

Security is an essential cornerstone of functioning digital marketplaces and communities. If users doubt that data shared online will remain secure, they will withdraw from platforms. Even when firms take these risks seriously, security…

Cryptography and Security · Computer Science 2022-04-15 Johannes Wachs

To keep up with the growing number of cyber-attacks and associated threats, there is an ever-increasing demand for cybersecurity professionals and new methods and technologies. Training new cybersecurity professionals is a challenging task…

Cryptography and Security · Computer Science 2024-04-19 Kamil Malinka , Anton Firc , Pavel Loutocký , Jakub Vostoupal , Andrej Krištofík , František Kasl

Bug bounty platforms (e.g., HackerOne, BugCrowd) leverage crowd-sourced vulnerability discovery to improve continuous coverage, reduce the cost of discovery, and serve as an integral complement to internal red teams. With the rise of…

Software Engineering · Computer Science 2025-11-25 Jiangrui Zheng , Yingming Zhou , Ali Abdullah Ahmad , Hanqing Yao , Xueqing Liu

Current bias evaluation methods rarely engage with communities impacted by AI systems. Inspired by bug bounties, bias bounties have been proposed as a reward-based method that involves communities in AI bias detection by asking users of AI…

Computers and Society · Computer Science 2025-10-03 Sergej Kucenko , Nathaniel Dennler , Fengxiang He

We propose and analyze an algorithmic framework for "bias bounties": events in which external participants are invited to propose improvements to a trained model, akin to bug bounty events in software and security. Our framework allows…

Machine Learning · Computer Science 2022-05-11 Ira Globus-Harris , Michael Kearns , Aaron Roth

In the world of open-source software (OSS), the number of known vulnerabilities has tremendously increased. The GitHub Advisory Database contains advisories for security risks in GitHub-hosted OSS projects. As of 09/25/2023, there are…

Cryptography and Security · Computer Science 2025-01-30 Jessy Ayala , Yu-Jye Tung , Joshua Garcia

Eclipse, an open source software project, acknowledges its donors by presenting donation badges in its issue tracking system Bugzilla. However, the rewarding effect of this strategy is currently unknown. We applied a framework of causal…

Software Engineering · Computer Science 2018-07-20 Keitaro Nakasai , Hideaki Hata , Kenichi Matsumoto

A widespread belief in the blockchain security community is that automated techniques are only good for detecting shallow bugs, typically of small value. In this paper, we present the techniques and insights that have led us to repeatable…

The development of open-source software (OSS) projects usually have been driven through collaborations among contributors and strongly relies on volunteering. Thus, allocating software practitioners (e.g., contributors) to a particular task…

We study a cost sharing problem derived from bug bounty programs, where agents gain utility by the amount of time they get to enjoy the cost shared information. Once the information is provided to an agent, it cannot be retracted. The goal,…

Computer Science and Game Theory · Computer Science 2020-06-26 Mingyu Guo , Yong Yang , Muhammad Ali Babar
‹ Prev 1 2 3 10 Next ›