The Hackers' Viewpoint: Exploring Challenges and Benefits of Bug-Bounty Programs

Download PDF.

“The Hackers' Viewpoint: Exploring Challenges and Benefits of Bug-Bounty Programs” by Omer Akgul, Taha Eghtesad, Amit Elazari, Omprakash Gnawali, Jens Grossklags, Daniel Votipka, and Aron Laszka. In Proceedings of the 6th Workshop on Security Information Workers (WSIW 2020), Nov. 2020.

Abstract

In recent years, bug-bounty programs have garnered popularity and become a significant part of the security culture of many organizations. Bug-bounty programs enable these organizations to improve their security posture by harnessing the outside perspective of a diverse crowd of security experts (bug hunters). However, bug-bounty programs also suffer from inefficiencies, such as duplicate and invalid bug reports, which are resource-consuming for organizations and bug hunters alike. To address these issues, it is crucial to understand how bug hunters make decisions, what motivates them, and what challenges they face. We present the results of an initial survey conducted among bug hunters to address these questions. We recruited 56 security experts who participate in bug-bounty programs to answer open-ended questions regarding various aspects of their participation in bug-bounty programs. Their responses provide a detailed overview of the motivations of security experts and the challenges that they face.

BibTeX entry:

@inproceedings{bugbounty-wsiw20,
   author = {Omer Akgul and Taha Eghtesad and Amit Elazari and Omprakash
	Gnawali and Jens Grossklags and Daniel Votipka and Aron Laszka},
   title = {The Hackers' Viewpoint: Exploring Challenges and Benefits of
	Bug-Bounty Programs},
   booktitle = {Proceedings of the 6th Workshop on Security Information
	Workers (WSIW 2020)},
   month = nov,
   year = {2020}
}