The use of bug bounty programs for software reliability improvement
As the number of security breaches caused by third-party applications significantly increased, digital platforms are launching BBPs to help improve software reliability. BBPs bring benefits to the platform and vendors, meanwhile impose additional costs; and may change the vendors’ reliability invest...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2023
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/8646 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| Summary: | As the number of security breaches caused by third-party applications significantly increased, digital platforms are launching BBPs to help improve software reliability. BBPs bring benefits to the platform and vendors, meanwhile impose additional costs; and may change the vendors’ reliability investment incentive. We build a model to examine strategic decisions of launching and participating in a BBP for the platform and third-party vendor, respectively. We find that the platform’s (vendor’s) launching (participation) decisions depend on two key factors: the expected loss due to security breaches and the vendor’s investment efficiency. The incentive of using BBP, for the platform and vendor, sometimes is inconsistent. Only when the potential loss is high and investment efficiency is low, BBP would be the equilibrium outcome. We find using the BBP is not always socially optimal. Under certain conditions, it reduces the overall software reliability, makes the platform less reliable, and hurts end users. |
|---|