Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

6-2023

Abstract

Bug Bounty Programs (BBPs) reward external hackers for identifying and reporting software vulnerabilities. As the number of security issues caused by third-party applications has increased significantly in recent years, many digital platforms are considering launching BBPs to help enhance the reliability of third-party software. BBPs bring benefits to the platform and vendors, but they also impose additional costs on them. As a result, the overall impact of using a BBP is unclear. In this paper, we present an analytical model to examine the strategic decisions of launching and participating in a BBP for the platform and the third-party vendor, respectively. We find that the platform’s (the vendor’s) BBP launching (participation) decisions depend on two key factors: the expected loss due to security breaches and the vendor’s initial reliability investment efficiency. We show that the incentives for using a BBP are sometimes inconsistent between the platform and the vendor.

Keywords

bug bounty program, digital platform, third-party application

Discipline

Databases and Information Systems

Research Areas

Information Systems and Management

Publication

Proceedings of the 16th China Summer Workshop on Information Management, Changsha, China, 2023 June 24-25

First Page

169

Last Page

174

City or Country

Changsha, CHINA
