Bug Bounty Programs for Cybersecurity: Practices, Issues, and Recommendations

Cited by: 27
Authors
Malladi, Suresh S. [1]
Subramanian, Hemang C. [2]
Affiliations
[1] Univ Arkansas, Sam Walton Coll Business, Informat Syst, Fayetteville, AR 72701 USA
[2] Florida Int Univ, Business Sch, Informat Syst & Business Analyt, Miami, FL 33199 USA
Keywords
Crowdsourcing; Fuzzing; Computer hacking; Tools; Computer bugs; Bug-Bounty; Hackers; Cyber-Security; SOFTWARE
DOI
10.1109/MS.2018.2880508
Chinese Library Classification number
TP31 [Computer Software]
Subject classification code
081202; 0835
Abstract
Drawing upon crowdsourcing, bug bounty programs (BBPs) are entering the mainstream security practice in organizations. We analyze and recommend best practices in five main BBP areas: scoping of BBPs, timing of crowd engagement, submission quality, firm-researcher communication, and hacker motivation.
Pages: 31-39
Number of pages: 9
Related papers
50 in total
[21]   Changing Hearts and Minds: The Role of Cybersecurity Champion Programs in Cybersecurity Culture [J].
Granova, Victoria ;
Mashatan, Atefeh ;
Turetken, Ozgur .
AUGMENTED COGNITION, AC 2023, 2023, 14019 :416-428
[22]   CYBERSECURITY EDUCATIONAL PROGRAMS: COSTS AND BENEFITS [J].
Dumitru, Daniel ;
Ion, Tiberiu .
2019 BASIQ INTERNATIONAL CONFERENCE: NEW TRENDS IN SUSTAINABLE BUSINESS AND CONSUMPTION, 2019, :625-631
[23]   eMaintenance in railways: Issues and challenges in cybersecurity [J].
Kour, Ravdeep ;
Aljumaili, Mustafa ;
Karim, Ramin ;
Tretten, Phillip .
PROCEEDINGS OF THE INSTITUTION OF MECHANICAL ENGINEERS PART F-JOURNAL OF RAIL AND RAPID TRANSIT, 2019, 233 (10) :1012-1022
[24]   Cybercrime and Cybersecurity Issues in the BRICS Economies [J].
Kshetri, Nir .
JOURNAL OF GLOBAL INFORMATION TECHNOLOGY MANAGEMENT, 2015, 18 (04) :245-249
[25]   Cybersecurity Issues in Implanted Medical Devices [J].
Tabasum, Aliya ;
Safi, Zeineb ;
AlKhater, Wadha ;
Shikfa, Abdullatif .
2018 INTERNATIONAL CONFERENCE ON COMPUTER AND APPLICATIONS (ICCA), 2018, :110-115
[26]   Cybersecurity in digital justice: recommendations for Colombian case [J].
Patricia Rodriguez-Marquez, Maribel .
UIS INGENIERIAS, 2021, 20 (03) :19-45
[27]   Analysis of cybersecurity competencies: Recommendations for telecommunications policy [J].
Szczepaniuk, Edyta Karolina ;
Szczepaniuk, Hubert .
TELECOMMUNICATIONS POLICY, 2022, 46 (03)
[28]   Identifying Information Technology (IT) and Cybersecurity Executives' Competencies to Support Comprehensive Cybersecurity Programs [J].
Wagner, Paul E. ;
Mapp, William E. .
PROCEEDINGS OF THE 23RD EUROPEAN CONFERENCE ON CYBER WARFARE AND SECURITY, ECCWS 2024, 2024, 23 :613-621
[29]   Cybersecurity Study Programs: What's in a Name? [J].
Vykopal, Jan ;
Svabensky, Valdemar ;
Lopez, Michael Tuscano, II ;
Celeda, Pavel .
PROCEEDINGS OF THE 56TH ACM TECHNICAL SYMPOSIUM ON COMPUTER SCIENCE EDUCATION, SIGCSE TS 2025, VOL 2, 2025, :1169-1175
[30]   Developing ABET Criteria for Undergraduate Cybersecurity Programs [J].
Parrish, Allen ;
Sobiesk, Edward .
2016 IEEE FRONTIERS IN EDUCATION CONFERENCE (FIE), 2016,