Bug Bounty Programs for Cybersecurity: Practices, Issues, and Recommendations

Cited by: 25
Authors
Malladi, Suresh S. [1]
Subramanian, Hemang C. [2]
Affiliations
[1] Univ Arkansas, Sam Walton Coll Business, Informat Syst, Fayetteville, AR 72701 USA
[2] Florida Int Univ, Business Sch, Informat Syst & Business Analyt, Miami, FL 33199 USA
Keywords
Crowdsourcing; Fuzzing; Computer hacking; Tools; Computer bugs; Bug-Bounty; Hackers; Cyber-Security; SOFTWARE;
DOI
10.1109/MS.2018.2880508
Chinese Library Classification number
TP31 [Computer Software];
Discipline classification code
081202 ; 0835 ;
Abstract
Drawing upon crowdsourcing, bug bounty programs (BBPs) are entering the mainstream security practice in organizations. We analyze and recommend best practices in five main BBP areas: scoping of BBPs, timing of crowd engagement, submission quality, firm-researcher communication, and hacker motivation.
Pages: 31 - 39
Number of pages: 9
Related papers
50 in total
  • [21] eMaintenance in railways: Issues and challenges in cybersecurity
    Kour, Ravdeep
    Aljumaili, Mustafa
    Karim, Ramin
    Tretten, Phillip
    PROCEEDINGS OF THE INSTITUTION OF MECHANICAL ENGINEERS PART F-JOURNAL OF RAIL AND RAPID TRANSIT, 2019, 233 (10) : 1012 - 1022
  • [22] Cybercrime and Cybersecurity Issues in the BRICS Economies
    Kshetri, Nir
    JOURNAL OF GLOBAL INFORMATION TECHNOLOGY MANAGEMENT, 2015, 18 (04) : 245 - 249
  • [23] Cybersecurity Issues in Implanted Medical Devices
    Tabasum, Aliya
    Safi, Zeineb
    AlKhater, Wadha
    Shikfa, Abdullatif
    2018 INTERNATIONAL CONFERENCE ON COMPUTER AND APPLICATIONS (ICCA), 2018, : 110 - 115
  • [24] Cybersecurity in digital justice: recommendations for Colombian case
    Patricia Rodriguez-Marquez, Maribel
    UIS INGENIERIAS, 2021, 20 (03) : 19 - 45
  • [25] Analysis of cybersecurity competencies: Recommendations for telecommunications policy
    Szczepaniuk, Edyta Karolina
    Szczepaniuk, Hubert
    TELECOMMUNICATIONS POLICY, 2022, 46 (03)
  • [26] Developing ABET Criteria for Undergraduate Cybersecurity Programs
    Parrish, Allen
    Sobiesk, Edward
    2016 IEEE FRONTIERS IN EDUCATION CONFERENCE (FIE), 2016,
  • [27] Cybersecurity Study Programs: What's in a Name?
    Vykopal, Jan
    Svabensky, Valdemar
    Lopez, Michael Tuscano, II
    Celeda, Pavel
    PROCEEDINGS OF THE 56TH ACM TECHNICAL SYMPOSIUM ON COMPUTER SCIENCE EDUCATION, SIGCSE TS 2025, VOL 2, 2025, : 1169 - 1175
  • [28] Cybersecurity Study Programs: What's in a Name?
    Vykopal, Jan
    Svabensky, Valdemar
    Lopez, Michael Tuscano, II
    Celeda, Pavel
    PROCEEDINGS OF THE 56TH ACM TECHNICAL SYMPOSIUM ON COMPUTER SCIENCE EDUCATION, SIGCSE TS 2025, VOL 1, 2025, : 1169 - 1175
  • [29] Distributed Ledger for Cybersecurity: Issues and Challenges in Railways
    Patwardhan, Amit
    Thaduri, Adithya
    Karim, Ramin
    SUSTAINABILITY, 2021, 13 (18)
  • [30] Electronic Public Procurement: Process and Cybersecurity Issues
    Issabayeva, Symbat
    Yesseniyazova, Botagoz
    Grega, Matus
    NISPACEE JOURNAL OF PUBLIC ADMINISTRATION AND POLICY, 2019, 12 (02) : 61 - 79