PACIS 2020 Proceedings


While vulnerability crowdsourcing programs have been acknowledged as an innovative way to help organizations improve their system security measures, there is still limited knowledge and empirical evidence on how organizations manage such programs. This paper aims to understand how control mechanisms set by organizations influence program performance on the bug bounty platform. Based on control theory, we hypothesized that formal control (including behavior control and outcome control) from the organization can improve the quality of submissions at the cost of program popularity. In contrast, informal control (including clan control and self-control) positively affects both program popularity and the quality of submissions. We collected detailed information on 272 programs from HackerOne and will empirically test our hypotheses in the near future. It is expected that this paper will provide empirical evidence that contributes to the scarce research on vulnerability crowdsourcing program management.
