Enhancing third-party software reliability through bug bounty programs
Bug Bounty Programs (BBPs) reward external hackers for identifying and reporting software vulnerabilities. As the number of security issues caused by third-party applications has increased significantly recently, many digital platforms are considering launching BBPs to help enhance the reliabil...
Main Authors: | ZHOU, Tianlu; Dan MA; FENG, Nan |
---|---|
Format: | text |
Language: | English |
Published: |
Institutional Knowledge at Singapore Management University
2023
|
Subjects: | |
Online Access: | https://ink.library.smu.edu.sg/sis_research/8596 https://ink.library.smu.edu.sg/context/sis_research/article/9599/viewcontent/Enhancing_third_party_software_reliability_through_bug_bounty_programs.pdf |
Institution: | Singapore Management University |
id |
sg-smu-ink.sis_research-9599 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-9599 2024-01-25T08:37:33Z Enhancing third-party software reliability through bug bounty programs ZHOU, Tianlu Dan MA, FENG, Nan Bug Bounty Programs (BBPs) reward external hackers for identifying and reporting software vulnerabilities. As the number of security issues caused by third-party applications has increased significantly recently, many digital platforms are considering launching BBPs to help enhance the reliability of third-party software. BBPs bring benefits to the platform and vendors, but also impose additional costs on them. As a result, the overall impact of using a BBP is unclear. In this paper, we present an analytical model to examine the strategic decisions of launching and participating in a BBP for the platform and the third-party vendor, respectively. We find that the platform’s (the vendor’s) BBP launching (participation) decisions depend on two key factors: the expected loss due to security breaches and the vendor’s initial reliability investment efficiency. We show that the incentives for using a BBP, for the platform and the vendor, are sometimes inconsistent. 2023-06-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/8596 https://ink.library.smu.edu.sg/context/sis_research/article/9599/viewcontent/Enhancing_third_party_software_reliability_through_bug_bounty_programs.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University bug bounty program digital platform third-party application Databases and Information Systems |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
topic |
bug bounty program digital platform third-party application Databases and Information Systems |
description |
Bug Bounty Programs (BBPs) reward external hackers for identifying and reporting software vulnerabilities. As the number of security issues caused by third-party applications has increased significantly recently, many digital platforms are considering launching BBPs to help enhance the reliability of third-party software. BBPs bring benefits to the platform and vendors, but also impose additional costs on them. As a result, the overall impact of using a BBP is unclear. In this paper, we present an analytical model to examine the strategic decisions of launching and participating in a BBP for the platform and the third-party vendor, respectively. We find that the platform’s (the vendor’s) BBP launching (participation) decisions depend on two key factors: the expected loss due to security breaches and the vendor’s initial reliability investment efficiency. We show that the incentives for using a BBP, for the platform and the vendor, are sometimes inconsistent. |
format |
text |
author |
ZHOU, Tianlu Dan MA, FENG, Nan |
title |
Enhancing third-party software reliability through bug bounty programs |