Bug Bounty Programs for Cybersecurity: Practices, Issues, and Recommendations

Cited by: 25

Authors
Malladi, Suresh S. [1 ]
Subramanian, Hemang C. [2 ]
Affiliations
[1] Univ Arkansas, Sam Walton Coll Business, Informat Syst, Fayetteville, AR 72701 USA
[2] Florida Int Univ, Business Sch, Informat Syst & Business Analyt, Miami, FL 33199 USA
Keywords
Crowdsourcing; Fuzzing; Computer hacking; Tools; Computer bugs; Bug-Bounty; Hackers; Cyber-Security; SOFTWARE
DOI
10.1109/MS.2018.2880508
CLC classification
TP31 [Computer software];
Discipline classification
081202 ; 0835 ;
Abstract
Drawing upon crowdsourcing, bug bounty programs (BBPs) are entering the mainstream security practice in organizations. We analyze and recommend best practices in five main BBP areas: scoping of BBPs, timing of crowd engagement, submission quality, firm-researcher communication, and hacker motivation.
Pages: 31 / 39
Page count: 9