all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Merchants of Vulnerabilities: How Bug Bounty Programs Benefit Software Vendors

Add to bookmarks
April 29, 2024, 4:11 a.m. | Esther Gal-Or, Muhammad Zia Hydari, Rahul Telang

cs.CR updates on arXiv.org arxiv.org

arXiv:2404.17497v1 Announce Type: new
Abstract: Software vulnerabilities enable exploitation by malicious hackers, compromising systems and data security. This paper examines bug bounty programs (BBPs) that incentivize ethical hackers to discover and responsibly disclose vulnerabilities to software vendors. Using game-theoretic models, we capture the strategic interactions between software vendors, ethical hackers, and malicious hackers. First, our analysis shows that software vendors can increase expected profits by participating in BBPs, explaining their growing adoption and the success of BBP platforms. Second, we …

arxiv bounty bug bug bounty bug bounty programs capture cs.cr cs.gt data data security discover econ.gn enable ethical ethical hackers exploitation game hackers malicious q-fin.ec security software software vendors software vulnerabilities strategic systems vendors vulnerabilities

Visit resource

More from arxiv.org / cs.CR updates on arXiv.org

Dihedral Quantum Codes 1 day, 16 hours ago | arxiv.org
arxiv block class code +9
A Privacy Preserving System for Movie Recommendations Using Federated Learning 1 day, 16 hours ago | arxiv.org
arxiv businesses cs.cr cs.ir +20
VulLibGen: Identifying Vulnerable Third-Party Libraries via Generative Pre-Trained Model 1 day, 16 hours ago | arxiv.org
accelerate advisory arxiv cs.cr +24
Simultaneous Haar Indistinguishability with Applications to Unclonable Cryptography 1 day, 16 hours ago | arxiv.org
applications arxiv build cloning +11
SoK: Prudent Evaluation Practices for Fuzzing 1 day, 16 hours ago | arxiv.org
afl arxiv bugs concept +13
The Effect of Quantization in Federated Learning: A R\'enyi Differential Privacy Perspective 1 day, 16 hours ago | arxiv.org
arxiv can cs.cr cs.dc +15
Unveiling the Potential: Harnessing Deep Metric Learning to Circumvent Video Streaming Encryption 1 day, 16 hours ago | arxiv.org
arxiv attacks body cs.ai +16
SecureLLM: Using Compositionality to Build Provably Secure Language Models for Private, Sensitive, and Secret Data 1 day, 16 hours ago | arxiv.org
access arxiv back build +15
IBD-PSC: Input-level Backdoor Detection via Parameter-oriented Scaling Consistency 1 day, 16 hours ago | arxiv.org
adversaries arxiv attacks backdoor +22

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Security Operations Manager-West Coast

@ The Walt Disney Company | USA - CA - 2500 Broadway Street
View on infosec-jobs.com

Vulnerability Analyst - Remote (WFH)

@ Cognitive Medical Systems | Phoenix, AZ, US | Oak Ridge, TN, US | Austin, TX, US | Oregon, US | Austin, TX, US
View on infosec-jobs.com

Senior Mainframe Security Administrator

@ Danske Bank | Copenhagen V, Denmark
View on infosec-jobs.com