Bug Bounty Programs for Cybersecurity: Practices, Issues, and Recommendations

被引:25
|
作者
Malladi, Suresh S. [1 ]
Subramanian, Hemang C. [2 ]
机构
[1] Univ Arkansas, Sam Walton Coll Business, Informat Syst, Fayetteville, AR 72701 USA
[2] Florida Int Univ, Business Sch, Informat Syst & Business Analyt, Miami, FL 33199 USA
来源
IEEE SOFTWARE | 2020年 / 37卷 / 01期
关键词
Crowdsourcing; Fuzzing; Computer hacking; Tools; Computer bugs; Bug-Bounty; Hackers; Cyber-Security; SOFTWARE;
D O I
10.1109/MS.2018.2880508
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
Drawing upon crowdsourcing, bug bounty programs (BBPs) are entering the mainstream security practice in organizations. We analyze and recommend best practices in five main BBP areas: scoping of BBPs, timing of crowd engagement, submission quality, firm-researcher communication, and hacker motivation.
引用
收藏
页码:31 / 39
页数:9
相关论文
共 50 条
  • [41] Understanding iiot cybersecurity issues
    BRANSON, DAVID J.
    ASHRAE Journal, 2021, 63 (07) : 56 - 57
  • [42] Detecting Data Quality Issues in Clinical Trials: Current Practices and Recommendations
    David Knepper
    Christian Fenske
    Patrick Nadolny
    Alun Bedding
    Elena Gribkova
    John Polzer
    Jennifer Neumann
    Brett Wilson
    Joanne Benedict
    Andy Lawton
    Therapeutic Innovation & Regulatory Science, 2016, 50 : 15 - 21
  • [43] Detecting Data Quality Issues in Clinical Trials: Current Practices and Recommendations
    Knepper, David
    Fenske, Christian
    Nadolny, Patrick
    Bedding, Alun
    Gribkova, Elena
    Polzer, John
    Neumann, Jennifer
    Wilson, Brett
    Benedict, Joanne
    Lawton, Andy
    THERAPEUTIC INNOVATION & REGULATORY SCIENCE, 2016, 50 (01) : 15 - 21
  • [44] Cybersecurity: trends, issues, and challenges
    Krzysztof Cabaj
    Zbigniew Kotulski
    Bogdan Księżopolski
    Wojciech Mazurczyk
    EURASIP Journal on Information Security, 2018 (1)
  • [45] Cybersecurity issues of pension payments
    Szabo, Zsolt
    2017 IEEE 15TH INTERNATIONAL SYMPOSIUM ON INTELLIGENT SYSTEMS AND INFORMATICS (SISY), 2017, : 289 - 292
  • [46] Understanding IIoT Cybersecurity Issues
    Branson, David J.
    ASHRAE JOURNAL, 2021, 63 : 56 - 57
  • [47] Cybersecurity issues in citizen science
    Schaeffer, Donna M.
    Olson, Patrick C.
    2021 IEEE INTERNATIONAL SYMPOSIUM ON TECHNOLOGY AND SOCIETY (ISTAS21): TECHNOLOGICAL STEWARDSHIP & RESPONSIBLE INNOVATION, 2021,
  • [48] Cybersecurity: trends, issues, and challenges
    Cabaj, Krzysztof
    Kotulski, Zbigniew
    Ksiezopolski, Bogdan
    Mazurczyk, Wojciech
    EURASIP JOURNAL ON INFORMATION SECURITY, 2018,
  • [49] ISSUES OF CYBERSECURITY OF THE PRODUCTION SYSTEM
    Maradova, K. A. R. L. A.
    Blecha, P. E. T. R.
    Blecha, R. A. D. I. M.
    Rozehnalova, J. A. N. A.
    Frkal, V. O. J. T. E. C. H.
    MM SCIENCE JOURNAL, 2022, 2022 : 6156 - 6161
  • [50] Design recommendations for online cybersecurity courses
    Gonzalez-Manzano, Lorena
    de Fuentes, Jose M.
    COMPUTERS & SECURITY, 2019, 80 : 238 - 256
12345