The use of bug bounty programs for software reliability improvement
As the number of security breaches caused by third-party applications has increased significantly, digital platforms are launching bug bounty programs (BBPs) to help improve software reliability. BBPs bring benefits to the platform and vendors but also impose additional costs, and may change the vendors’ reliability invest...
Main Authors: | ZHOU, Tianlu; Dan MA; FENG, Nan |
---|---|
Format: | text |
Language: | English |
Published: | Institutional Knowledge at Singapore Management University, 2023 |
Subjects: | Databases and Information Systems; Software Engineering |
Online Access: | https://ink.library.smu.edu.sg/sis_research/8646 |
Institution: | Singapore Management University |
id |
sg-smu-ink.sis_research-9649 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-9649 2024-02-08T06:30:04Z 2023-07-12T07:00:00Z Research Collection School Of Computing and Information Systems |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
language |
English |
topic |
Databases and Information Systems Software Engineering |
description |
As the number of security breaches caused by third-party applications has increased significantly, digital platforms are launching bug bounty programs (BBPs) to help improve software reliability. BBPs bring benefits to the platform and vendors but also impose additional costs, and may change the vendors’ reliability investment incentive. We build a model to examine the strategic decisions of launching and participating in a BBP for the platform and the third-party vendor, respectively. We find that the platform’s (vendor’s) launching (participation) decisions depend on two key factors: the expected loss due to security breaches and the vendor’s investment efficiency. The platform’s and the vendor’s incentives to use a BBP are sometimes inconsistent. A BBP is the equilibrium outcome only when the potential loss is high and investment efficiency is low. We find that using a BBP is not always socially optimal. Under certain conditions, it reduces the overall software reliability, makes the platform less reliable, and hurts end users. |
format |
text |
author |
ZHOU, Tianlu; Dan MA; FENG, Nan |
title |
The use of bug bounty programs for software reliability improvement |
publisher |
Institutional Knowledge at Singapore Management University |
publishDate |
2023 |
url |
https://ink.library.smu.edu.sg/sis_research/8646 |
_version_ |
1794549516833128448 |