Enhancing third-party software reliability through bug bounty programs
Bug Bounty Programs (BBPs) reward external hackers for identifying and reporting software vulnerabilities. As the number of security issues caused by third-party applications has been significantly increased recently, many digital platforms are considering launching BBPs to help enhance the reliabil...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2023
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/8596 https://ink.library.smu.edu.sg/context/sis_research/article/9599/viewcontent/Enhancing_third_party_software_reliability_through_bug_bounty_programs.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| Summary: | Bug Bounty Programs (BBPs) reward external hackers for identifying and reporting software vulnerabilities. As the number of security issues caused by third-party applications has been significantly increased recently, many digital platforms are considering launching BBPs to help enhance the reliability of third-party software. BBPs bring benefits to the platform and vendors, meanwhile impose additional costs on them as well. As a result, the overall impact of using BBP is unclear. In this paper, we present an analytical model to examine the strategic decisions of launching and participating in a BBP for the platform and the third-party vendor, respectively. We find that the platform’s (the vendor’s) BBP launching (participation) decisions depend on two key factors: the expected loss due to security breaches and the vendor’s initial reliability investment efficiency. We show that the incentive of using BBP, for the platform and vendor, sometimes is inconsistent. |
|---|