The use of bug bounty programs for software reliability improvement
Publication Type
Conference Proceeding Article
Publication Date
7-2023
Abstract
As the number of security breaches caused by third-party applications has increased significantly, digital platforms are launching bug bounty programs (BBPs) to help improve software reliability. BBPs bring benefits to the platform and vendors but also impose additional costs, and may change the vendors’ reliability investment incentive. We build a model to examine the strategic decisions of launching and participating in a BBP for the platform and third-party vendor, respectively. We find that the platform’s (vendor’s) launching (participation) decisions depend on two key factors: the expected loss due to security breaches and the vendor’s investment efficiency. The incentives of the platform and vendor to use a BBP are sometimes inconsistent. Only when the potential loss is high and investment efficiency is low is the BBP the equilibrium outcome. We find that using the BBP is not always socially optimal. Under certain conditions, it reduces the overall software reliability, makes the platform less reliable, and hurts end users.
Discipline
Databases and Information Systems | Software Engineering
Research Areas
Software and Cyber-Physical Systems
Publication
Pacific Asia Conference on Information Systems PACIS 2023: Nanchang, July 8-12: Proceedings
Publisher
AIS
City or Country
Nanchang
Citation
ZHOU, Tianlu; Dan MA; and FENG, Nan.
The use of bug bounty programs for software reliability improvement. (2023). Pacific Asia Conference on Information Systems PACIS 2023: Nanchang, July 8-12: Proceedings.
Available at: https://ink.library.smu.edu.sg/sis_research/8646
Additional URL
https://aisel.aisnet.org/pacis2023/99/