Software Vulnerabilities and Bug Bounty Programs
Authors
Abstract
Similar resources
Crowdsourced Security Vulnerability Discovery: Modeling and Organizing Bug-Bounty Programs
Despite significant progress in software-engineering practices, software utilized for desktop and mobile computing remains insecure. At the same time, the consumer and business information handled by these programs is growing in its richness and monetization potential, which triggers significant privacy and security concerns. In response to these challenges, companies are increasingly harvestin...
Diversity or Concentration? Hackers’ Strategy for Working Across Multiple Bug Bounty Programs
Bug bounty programs have been proved effective in attracting external hackers to find and disclose potential flaws in a responsible way. There are many different bug bounty programs, so how do hackers balance diversity and concentration to effectively build their reputation in the vulnerability discovery ecosystem? In this paper, we present a novel methodology to understand how hackers spread t...
Given enough eyeballs, all bugs are shallow? Revisiting Eric Raymond with bug bounty programs
Bug bounty programs offer a modern platform for organizations to crowdsource their software security and for security researchers to be fairly rewarded for the vulnerabilities they find. Little is known however on the incentives set by bug bounty programs: How they drive new bug discoveries, and how they supposedly improve security through the progressive exhaustion of discoverable vulnerabilit...
Banishing Misaligned Incentives for Validating Reports in Bug-Bounty Platforms
Bug-bounty programs have the potential to harvest the efforts and diverse knowledge of thousands of white hat hackers. As a consequence, they are becoming increasingly popular as a key part of the security culture of organizations. However, bug-bounty programs can be riddled with myriads of invalid vulnerability-report submissions, which are partially the result of misaligned incentives between...
A Glance at Psychophysics Software Programs
Visual stimulation with precise control of stimulus has transformed the field of psychophysics since the introduction of personal computers. Luminance and chromatic features of stimulus, timing, and position of the stimulus are the main features that could be defined using programs written specifically for psychophysical experiments. In this manuscript, software used for the psychophysical expe...
Journal
Journal title: SSRN Electronic Journal
Year: 2020
ISSN: 1556-5068
DOI: 10.2139/ssrn.3599013