Merchants of Vulnerabilities: How Bug Bounty Programs Benefit Software Vendors
April 29, 2024, 4:11 a.m. | Esther Gal-Or, Muhammad Zia Hydari, Rahul Telang
cs.CR updates on arXiv.org arxiv.org
Abstract: Software vulnerabilities enable exploitation by malicious hackers, compromising systems and data security. This paper examines bug bounty programs (BBPs) that incentivize ethical hackers to discover and responsibly disclose vulnerabilities to software vendors. Using game-theoretic models, we capture the strategic interactions between software vendors, ethical hackers, and malicious hackers. First, our analysis shows that software vendors can increase expected profits by participating in BBPs, explaining their growing adoption and the success of BBP platforms. Second, we …