An economic analysis of third-party software reliability improvement using the Bug Bounty Program

Bug Bounty Programs (BBPs) reward external hackers for reporting software vulnerabilities. As the number of security issues caused by third-party applications has increased significantly in recent years, many digital platforms are considering launching BBPs to help improve the reliability of third-party software. In this paper, we present an analytical model to examine the strategic decisions of launching and participating in a BBP for the platform and the third-party vendor, respectively. We find that the platform's (the vendor's) BBP launching (participation) decision depends on two key factors: the expected loss due to security breaches and the vendor's reliability investment efficiency. We show that the incentives to use a BBP, for the platform and the vendor, are sometimes inconsistent. Meanwhile, we find that using a BBP is not always socially optimal. Under certain conditions, it reduces the overall software reliability instead of improving it, makes the platform marketplace less secure, and thus hurts end users.

Bibliographic Details
Main Authors: ZHOU, Tianlu; MA, Dan; FENG, Nan
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University, 2023 (Research Collection School Of Computing and Information Systems; record dated 2023-12-13)
Subjects: Databases and Information Systems; Information Security
Online Access: https://ink.library.smu.edu.sg/sis_research/8629
Institution: Singapore Management University