Bug Bounty Programs for Cybersecurity: Practices, Issues, and Recommendations

被引：25

作者：

Malladi, Suresh S. ^{[1
]}

Subramanian, Hemang C. ^{[2
]}

机构：

[1] Univ Arkansas, Sam Walton Coll Business, Informat Syst, Fayetteville, AR 72701 USA

[2] Florida Int Univ, Business Sch, Informat Syst & Business Analyt, Miami, FL 33199 USA

来源：

IEEE SOFTWARE | 2020年 / 37卷 / 01期

关键词：

Crowdsourcing; Fuzzing; Computer hacking; Tools; Computer bugs; Bug-Bounty; Hackers; Cyber-Security; SOFTWARE;

D O I：

10.1109/MS.2018.2880508

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

Drawing upon crowdsourcing, bug bounty programs (BBPs) are entering the mainstream security practice in organizations. We analyze and recommend best practices in five main BBP areas: scoping of BBPs, timing of crowd engagement, submission quality, firm-researcher communication, and hacker motivation.

引用

页码：31 / 39

页数：9

共 50 条

[31] Harmonizing Cybersecurity Practices
Villamor, Antonio M.
Danidou, Yianna
ISACA Journal, 2023, 5 : 49 - 54
[32] Basic Recommendations For HVAC Cybersecurity
Galler, Mike
ASHRAE JOURNAL, 2021, 63 : 72 - 73
[33] BOUNTY PROGRAMS - AN EFFECTIVE WEED MANAGEMENT TOOL
LACEY, CA
EGAN, C
PEARSON, W
FAY, PK
WEED TECHNOLOGY, 1988, 2 (02) : 196 - 197
[34] Gay, lesbian, and transgender issues in education: programs, policies, and practices
Clarke, Gill
INTERNATIONAL JOURNAL OF RESEARCH & METHOD IN EDUCATION, 2006, 29 (02) : 259 - 260
[35] ORGANIZATION OF PUPIL PERSONNEL PROGRAMS - ISSUES AND PRACTICES - HATCH,RN
GASKINS, JR
PERSONNEL AND GUIDANCE JOURNAL, 1975, 53 (06): : 482 - 482
[36] Faculty Practices on Infusing Disability Issues in Brazilian PETE Programs
Zanandrea, Maria
Rizzo, Terry L.
RESEARCH QUARTERLY FOR EXERCISE AND SPORT, 2009, 80 (01) : A104 - A104
[37] Faith-based programs for reentry courts: A summary of issues and recommendations
Herz, DC
Walsh, JE
JUVENILE AND FAMILY COURT JOURNAL, 2004, 55 (04) : 15 - 25
[38] Bug Bounty Marketplaces and Enabling Responsible Vulnerability Disclosure: An Empirical Analysis
Subramanian, Hemang Chamakuzhi
Malladi, Suresh
JOURNAL OF DATABASE MANAGEMENT, 2020, 31 (01) : 38 - 63
[39] MENTAL HEALTH PROGRAMS OF THE STATES - RECOMMENDATIONS BASED ON STUDIES OF CURRENT PRACTICES
GUTHRIE, RH
PUBLIC HEALTH REPORTS, 1954, 69 (07) : 649 - 653
[40] Banishing Misaligned Incentives for Validating Reports in Bug-Bounty Platforms
Laszka, Aron
Zhao, Mingyi
Grossklags, Jens
COMPUTER SECURITY - ESORICS 2016, PT II, 2016, 9879 : 161 - 178

← 1 2 3 4 5 →