Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
6-2023
Abstract
Bug Bounty Programs (BBPs) reward external hackers for identifying and reporting software vulnerabilities. As the number of security issues caused by third-party applications has increased significantly recently, many digital platforms are considering launching BBPs to help enhance the reliability of third-party software. BBPs bring benefits to the platform and vendors, but they also impose additional costs on them. As a result, the overall impact of using a BBP is unclear. In this paper, we present an analytical model to examine the strategic decisions of launching and participating in a BBP for the platform and the third-party vendor, respectively. We find that the platform’s (the vendor’s) BBP launching (participation) decisions depend on two key factors: the expected loss due to security breaches and the vendor’s initial reliability investment efficiency. We show that the platform’s and the vendor’s incentives to use a BBP are sometimes inconsistent.
Keywords
bug bounty program, digital platform, third-party application
Discipline
Databases and Information Systems
Research Areas
Information Systems and Management
Publication
Proceedings of the 16th China Summer Workshop on Information Management, Changsha, China, 2023 June 24-25
First Page
169
Last Page
174
City or Country
Changsha, CHINA
Citation
ZHOU, Tianlu; Dan MA; and FENG, Nan.
Enhancing third-party software reliability through bug bounty programs. (2023). Proceedings of the 16th China Summer Workshop on Information Management, Changsha, China, 2023 June 24-25. 169-174.
Available at: https://ink.library.smu.edu.sg/sis_research/8596
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.