The Use of Bug Bounty Programs for Software Reliability Improvement

Authors

ZHOU Tianlu, Tianjin UniversityFollow
DAN MA, Singapore Management UniversityFollow
FENG NAN, Tianjin UniversityFollow

Abstract

As the number of security breaches caused by third-party applications significantly increased, digital platforms are launching BBPs to help improve software reliability. BBPs bring benefits to the platform and vendors, meanwhile impose additional costs; and may change the vendors’ reliability investment incentive. We build a model to examine strategic decisions of launching and participating in a BBP for the platform and third-party vendor, respectively. We find that the platform’s (vendor’s) launching (participation) decisions depend on two key factors: the expected loss due to security breaches and the vendor’s investment efficiency. The incentive of using BBP, for the platform and vendor, sometimes is inconsistent. Only when the potential loss is high and investment efficiency is low, BBP would be the equilibrium outcome. We find using the BBP is not always socially optimal. Under certain conditions, it reduces the overall software reliability, makes the platform less reliable, and hurts end users.

Comments

Paper Number 1422; Track Cybersecurity; Complete Paper

Recommended Citation

Tianlu, ZHOU; MA, DAN; and NAN, FENG, "The Use of Bug Bounty Programs for Software Reliability Improvement" (2023). PACIS 2023 Proceedings. 99.
https://aisel.aisnet.org/pacis2023/99