An economic analysis of third-party software reliability improvement using the Bug Bounty Program
Publication Type
Conference Proceeding Article
Publication Date
12-2023
Abstract
Bug Bounty Programs (BBPs) reward external hackers for reporting software vulnerabilities. As the number of security issues caused by third-party applications has been significantly increased recently, many digital platforms are considering launching BBPs to help improve the reliability of third-party software. In this paper, we present an analytical model to examine the strategic decisions of launching and participating in a BBP for the platform and the third-party vendor, respectively. We find that the platform’s (the vendor’s) BBP launching (participation) decisions depend on two key factors: the expected loss due to security breaches and the vendor’s reliability investment efficiency. We show that the incentive of using BBP, for the platform and vendor, sometimes is inconsistent. Meanwhile, we find that using the BBP is not always socially optimal. Under certain conditions, it reduces the overall software reliability, instead of improving it, makes the platform marketplace less secure, and thus hurts end users.
Discipline
Databases and Information Systems | Information Security
Research Areas
Data Science and Engineering
Publication
ICIS 2023: Hyderabad, December 10-13: Proceedings
Publisher
AIS
City or Country
Hyderabad INDIA
Citation
ZHOU, Tianlu; Dan MA; and FENG, Nan.
An economic analysis of third-party software reliability improvement using the Bug Bounty Program. (2023). ICIS 2023: Hyderabad, December 10-13: Proceedings.
Available at: https://ink.library.smu.edu.sg/sis_research/8629
Additional URL
https://aisel.aisnet.org/icis2023/cyber_security/cyber_security/8/