Bug Bounty Programs for Cybersecurity: Practices, Issues, and Recommendations

Cited by: 25
Authors
Malladi, Suresh S. [1]
Subramanian, Hemang C. [2]
Affiliations
[1] Univ Arkansas, Sam Walton Coll Business, Informat Syst, Fayetteville, AR 72701 USA
[2] Florida Int Univ, Business Sch, Informat Syst & Business Analyt, Miami, FL 33199 USA
Keywords
Crowdsourcing; Fuzzing; Computer hacking; Tools; Computer bugs; Bug-Bounty; Hackers; Cyber-Security; SOFTWARE;
DOI
10.1109/MS.2018.2880508
Chinese Library Classification (CLC) number
TP31 [Computer Software];
Discipline classification code
081202 ; 0835 ;
Abstract
Drawing upon crowdsourcing, bug bounty programs (BBPs) are entering the mainstream security practice in organizations. We analyze and recommend best practices in five main BBP areas: scoping of BBPs, timing of crowd engagement, submission quality, firm-researcher communication, and hacker motivation.
Pages: 31 - 39
Page count: 9
Related papers
50 in total
  • [1] Bug Bounty Programs - a Mapping Study
    Magazinius, Ana
    Mellegard, Niklas
    Olsson, Linda
    2019 45TH EUROMICRO CONFERENCE ON SOFTWARE ENGINEERING AND ADVANCED APPLICATIONS (SEAA 2019), 2019, : 412 - 415
  • [2] Beyond the Bugs: Enhancing Bug Bounty Programs through Academic Partnerships
    Kristofik, Andrej
    Vostoupal, Jakub
    Malinka, Kamil
    Kasl, Frantisek
    Loutocky, Pavel
    19TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY, ARES 2024, 2024,
  • [3] Security Professional Skills Representation in Bug Bounty Programs and Processes
    Mumtaz, Sara
    Rodriguez, Carlos
    Zamanirad, Shayan
    SERVICE-ORIENTED COMPUTING, ICSOC 2020, 2021, 12632 : 334 - 348
  • [4] Navigating vulnerability markets and bug bounty programs: A public policy perspective
    Zrahia, Aviram
    INTERNET POLICY REVIEW, 2024, 13 (01):
  • [5] Optimizing Bug Bounty Programs for Efficient Malware-Related Vulnerability Discovery
    Yulianto, Semi
    Soewito, Benfano
    Gaol, Ford Lumban
    Kurniawan, Aditya
    INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 2024, 15 (04) : 291 - 299
  • [6] Enterprise cybersecurity training and awareness programs: Recommendations for success
    He, Wu
    Zhang, Zuopeng
    JOURNAL OF ORGANIZATIONAL COMPUTING AND ELECTRONIC COMMERCE, 2019, 29 (04) : 249 - 257
  • [7] What We Know About Bug Bounty Programs - An Exploratory Systematic Mapping Study
    Magazinius, Ana
    Mellegard, Niklas
    Olsson, Linda
    SOCIO-TECHNICAL ASPECTS IN SECURITY AND TRUST, STAST 2019, 2021, 11739 : 89 - 106
  • [8] Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report
    Malinka, Kamil
    Firc, Anton
    Loutocky, Pavel
    Vostoupal, Jakub
    Kristofik, Andrej
    Kasl, Frantisek
    PROCEEDINGS OF THE 2024 CONFERENCE INNOVATION AND TECHNOLOGY IN COMPUTER SCIENCE EDUCATION, VOL 1, ITICSE 2024, 2024, : 227 - 233
  • [9] Organizational Learning on Bug Bounty Platforms
    Ahmed, Ali
    Lee, Ho Cheung Brian
    AMCIS 2020 PROCEEDINGS, 2020,
  • [10] A Model for Adaptive Bug Bounty Programs and Responsible Disclosure in E-Government Vulnerability Management
    Obeidat, Ibrahim
    Alhayek, Esraa
    Obeidat, Ala
    2024 INTERNATIONAL CONFERENCE ON MULTIMEDIA COMPUTING, NETWORKING AND APPLICATIONS, MCNA 2024, 2024, : 102 - 107