Bug Bounty Programs for Cybersecurity: Practices, Issues, and Recommendations

Cited by: 25
Authors
Malladi, Suresh S. [1]
Subramanian, Hemang C. [2]
Affiliations
[1] Univ Arkansas, Sam Walton Coll Business, Informat Syst, Fayetteville, AR 72701 USA
[2] Florida Int Univ, Business Sch, Informat Syst & Business Analyt, Miami, FL 33199 USA
Keywords
Crowdsourcing; Fuzzing; Computer hacking; Tools; Computer bugs; Bug-Bounty; Hackers; Cyber-Security; SOFTWARE;
DOI
10.1109/MS.2018.2880508
Chinese Library Classification number
TP31 [Computer Software];
Discipline classification code
081202 ; 0835 ;
Abstract
Drawing upon crowdsourcing, bug bounty programs (BBPs) are entering the mainstream security practice in organizations. We analyze and recommend best practices in five main BBP areas: scoping of BBPs, timing of crowd engagement, submission quality, firm-researcher communication, and hacker motivation.
Pages: 31 / 39
Number of pages: 9
Related papers
50 in total
  • [21] Blockchain-based Bug Bounty Framework
    Badash, Lital
    Tapas, Nachiket
    Nadler, Asaf
    Longo, Francesco
    Shabtai, Asaf
    36TH ANNUAL ACM SYMPOSIUM ON APPLIED COMPUTING, SAC 2021, 2021, : 239 - 248
  • [22] The simple economics of an external shock to a bug bounty platform
    Zrahia, Aviram
    Gandal, Neil
    Markovich, Sarit
    Riordan, Michael
    JOURNAL OF CYBERSECURITY, 2024, 10 (01):
  • [23] INTERNATIONAL SERVICE LEARNING PROGRAMS: ETHICAL ISSUES AND RECOMMENDATIONS
    Reisch, Rebecca A.
    DEVELOPING WORLD BIOETHICS, 2011, 11 (02) : 93 - 98
  • [24] ASSESSMENT AND APPRAISAL - ISSUES, PRACTICES, AND PROGRAMS ... FROM THE EDITOR
    VACC, NA
    BARDON, JI
    MEASUREMENT AND EVALUATION IN GUIDANCE, 1982, 15 (01): : 7 - 8
  • [25] Practices and issues of moulting programs for laying hens: a review
    Mishra, R.
    Mishra, B.
    Kim, Y. S.
    Jha, R.
    BRITISH POULTRY SCIENCE, 2022, 63 (05) : 720 - 729
  • [26] Bountychain: Toward Decentralizing a Bug Bounty Program with Blockchain and IPFS
    Alex Hoffman
    Phillipe Austria
    Chol Hyun Park
    Yoohwan Kim
    International Journal of Networked and Distributed Computing, 2021, 9 : 86 - 93
  • [27] Bountychain: Toward Decentralizing a Bug Bounty Program with Blockchain and IPFS
    Hoffman, Alex
    Austria, Phillipe
    Park, Chol Hyun
    Kim, Yoohwan
    INTERNATIONAL JOURNAL OF NETWORKED AND DISTRIBUTED COMPUTING, 2021, 9 (2-3) : 86 - 93
  • [28] Cybersecurity Issues in AI
    Puthal, Deepak
    Mohanty, Saraju P.
    IEEE CONSUMER ELECTRONICS MAGAZINE, 2021, 10 (04) : 33 - 35
  • [29] Cybersecurity Issues in Robotics
    Clark, George W., Jr.
    Doran, Michael V.
    Andel, Todd R.
    2017 IEEE CONFERENCE ON COGNITIVE AND COMPUTATIONAL ASPECTS OF SITUATION MANAGEMENT (COGSIMA), 2017,
  • [30] Professional project management practices in Kuwait: Issues, difficulties and recommendations
    Kartam, N.A.
    Al-Daihani, T.G.
    Al-Bahar, J.F.
    International Journal of Project Management, 2000, 18 (04) : 281 - 296