Cyber-security, Privacy and Ethics of IS

Paper Number

2606

Paper Type

short

Description

In this paper, we have analyzed voluntary vulnerability disclosure and its effects on ethical hackers’ participation in an organization’s bug bounty program. Specifically, we have analyzed how the disclosure of patched vulnerability reports in a bug bounty program affects new hackers’ participation in the program. Using a dataset from a leading bug bounty platform, we have shown that the disclosure of valid vulnerabilities attracts new hackers to the program. We have also found that the disclosure of valid reports attracts more experienced hackers to the program. However, the disclosure of duplicate, informational, and not-applicable reports decreases the participation of experienced hackers in a program. Our findings broaden our understanding of working with ethical hackers on bug bounty programs. We contribute to the debate in operations management on how organizations’ earlier workflow attracts new and high-quality workers to the programs in an open crowdsourcing platform.

Comments

07-Security

Best Paper Nominee badge
 
Dec 12th, 12:00 AM

The Role of Vulnerability Disclosure on Hacker Participation in Bug Bounty Programs
