The use of bug bounty programs for software reliability improvement

Publication Type

Conference Proceeding Article

Publication Date

7-2023

Abstract

As the number of security breaches caused by third-party applications has significantly increased, digital platforms are launching bug bounty programs (BBPs) to help improve software reliability. BBPs bring benefits to the platform and vendors but also impose additional costs, and they may change the vendors’ reliability investment incentive. We build a model to examine the strategic decisions of launching and participating in a BBP for the platform and the third-party vendor, respectively. We find that the platform’s (vendor’s) launching (participation) decisions depend on two key factors: the expected loss due to security breaches and the vendor’s investment efficiency. The incentives for using a BBP are sometimes inconsistent between the platform and the vendor. Only when the potential loss is high and investment efficiency is low would a BBP be the equilibrium outcome. We find that using a BBP is not always socially optimal. Under certain conditions, it reduces the overall software reliability, makes the platform less reliable, and hurts end users.

Discipline

Databases and Information Systems | Software Engineering

Research Areas

Software and Cyber-Physical Systems

Publication

Pacific Asia Conference on Information Systems PACIS 2023: Nanchang, July 8-12: Proceedings

Publisher

AIS

City or Country

Nanchang

Additional URL

https://aisel.aisnet.org/pacis2023/99/

This document is currently not available here.
