Bug Bounty Programs for Cybersecurity: Practices, Issues, and Recommendations

被引:26
作者
Malladi, Suresh S. [1 ]
Subramanian, Hemang C. [2 ]
机构
[1] Univ Arkansas, Sam Walton Coll Business, Informat Syst, Fayetteville, AR 72701 USA
[2] Florida Int Univ, Business Sch, Informat Syst & Business Analyt, Miami, FL 33199 USA
来源
IEEE SOFTWARE | 2020年 / 37卷 / 01期
关键词
Crowdsourcing; Fuzzing; Computer hacking; Tools; Computer bugs; Bug-Bounty; Hackers; Cyber-Security; SOFTWARE;
D O I
10.1109/MS.2018.2880508
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
Drawing upon crowdsourcing, bug bounty programs (BBPs) are entering the mainstream security practice in organizations. We analyze and recommend best practices in five main BBP areas: scoping of BBPs, timing of crowd engagement, submission quality, firm-researcher communication, and hacker motivation.
引用
收藏
页码:31 / 39
页数:9
相关论文
共 50 条
[31]   Distributed Ledger for Cybersecurity: Issues and Challenges in Railways [J].
Patwardhan, Amit ;
Thaduri, Adithya ;
Karim, Ramin .
SUSTAINABILITY, 2021, 13 (18)
[32]   Electronic Public Procurement: Process and Cybersecurity Issues [J].
Issabayeva, Symbat ;
Yesseniyazova, Botagoz ;
Grega, Matus .
NISPACEE JOURNAL OF PUBLIC ADMINISTRATION AND POLICY, 2019, 12 (02) :61-79
[33]   Framework, Tools and Good Practices for Cybersecurity Curricula [J].
Hajny, Jan ;
Ricci, Sara ;
Piesarskas, Edmundas ;
Levillain, Olivier ;
Galletta, Letterio ;
De Nicola, Rocco .
IEEE ACCESS, 2021, 9 :94723-94747
[34]   COVID-19 pandemic cybersecurity issues [J].
Pranggono, Bernardi ;
Arabo, Abdullahi .
INTERNET TECHNOLOGY LETTERS, 2021, 4 (02)
[35]   Shedding Light on Inconsistencies in Grid Cybersecurity: Disconnects and Recommendations [J].
Singer, Brian ;
Pandey, Amritanshu ;
Li, Shimiao ;
Bauer, Lujo ;
Miller, Craig ;
Pileggi, Lawrence ;
Sekar, Vyas .
2023 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, SP, 2023, :38-55
[36]   Exploring SME cybersecurity practices in developing countries [J].
Kabanda, Salah ;
Tanner, Maureen ;
Kent, Cameron .
JOURNAL OF ORGANIZATIONAL COMPUTING AND ELECTRONIC COMMERCE, 2018, 28 (03) :269-282
[37]   Cybersecurity best practices among Polish students [J].
Szumski, Oskar .
KNOWLEDGE-BASED AND INTELLIGENT INFORMATION & ENGINEERING SYSTEMS (KES-2018), 2018, 126 :1271-1280
[38]   The Current Landscape of Cybersecurity Training in CAHIIM Accredited Programs [J].
Wu, Huanmei ;
Patel, Mukeshi Kumar ;
Tan, Chiu C. .
2024 IEEE 12TH INTERNATIONAL CONFERENCE ON HEALTHCARE INFORMATICS, ICHI 2024, 2024, :750-752
[39]   Opportunities and Challenges of Cybersecurity for Undergraduate Information Systems Programs [J].
Wang, Shouhong ;
Wang, Hai .
INTERNATIONAL JOURNAL OF INFORMATION AND COMMUNICATION TECHNOLOGY EDUCATION, 2019, 15 (02) :49-68
[40]   A Comprehensive Review on Cybersecurity Issues and Their Mitigation Measures in FinTech [J].
Ali G. ;
Mijwil M.M. ;
Buruga B.A. ;
Abotaleb M. .
Iraqi Journal for Computer Science and Mathematics, 2024, 5 (03) :45-91
12345