Enhancing third-party software reliability through bug bounty programs

Bug Bounty Programs (BBPs) reward external hackers for identifying and reporting software vulnerabilities. As the number of security issues caused by third-party applications has been significantly increased recently, many digital platforms are considering launching BBPs to help enhance the reliabil...

Bibliographic Details
Main Authors: ZHOU, Tianlu; MA, Dan; FENG, Nan
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2023
Subjects: bug bounty program; digital platform; third-party application; Databases and Information Systems
Online Access: https://ink.library.smu.edu.sg/sis_research/8596
https://ink.library.smu.edu.sg/context/sis_research/article/9599/viewcontent/Enhancing_third_party_software_reliability_through_bug_bounty_programs.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-9599
record_format dspace
spelling sg-smu-ink.sis_research-9599 2024-01-25T08:37:33Z 2023-06-01T07:00:00Z text application/pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic bug bounty program
digital platform
third-party application
Databases and Information Systems
description Bug Bounty Programs (BBPs) reward external hackers for identifying and reporting software vulnerabilities. As the number of security issues caused by third-party applications has been significantly increased recently, many digital platforms are considering launching BBPs to help enhance the reliability of third-party software. BBPs bring benefits to the platform and vendors, meanwhile impose additional costs on them as well. As a result, the overall impact of using BBP is unclear. In this paper, we present an analytical model to examine the strategic decisions of launching and participating in a BBP for the platform and the third-party vendor, respectively. We find that the platform’s (the vendor’s) BBP launching (participation) decisions depend on two key factors: the expected loss due to security breaches and the vendor’s initial reliability investment efficiency. We show that the incentive of using BBP, for the platform and vendor, sometimes is inconsistent.
format text
author ZHOU, Tianlu
MA, Dan
FENG, Nan
title Enhancing third-party software reliability through bug bounty programs
publisher Institutional Knowledge at Singapore Management University
publishDate 2023
url https://ink.library.smu.edu.sg/sis_research/8596
https://ink.library.smu.edu.sg/context/sis_research/article/9599/viewcontent/Enhancing_third_party_software_reliability_through_bug_bounty_programs.pdf
_version_ 1789483283911802880