Software vulnerabilities and bug bounty programs
Working paper
Permanent link
https://hdl.handle.net/11250/2654088
Publication date
2020-05-12
Collections
- Discussion papers (FOR) [569]
Abstract
Many software developers employ bug bounty programs that award a prize for the detection of bugs in their software. We analyze, in a model with asymmetric information, under which conditions a bug bounty program is beneficial for a software developer. In our model, a bug bounty program allows developers to perfectly discriminate between different types of bugs, and helps to avoid the reputation costs of exploited bugs. We find that the benefits of a bounty program depend not only on the characteristics of the underlying software, but also on how the bounty program interacts with other elements of the security strategy.