Merchants of Vulnerabilities: How Bug Bounty Programs Benefit Software Vendors

arXiv:2404.17497v1 Announce Type: new
Abstract: Software vulnerabilities enable exploitation by malicious hackers, compromising systems and data security. This paper examines bug bounty programs (BBPs) that incentivize ethical hackers to discover and responsibly disclose vulnerabilities to software vendors. Using game-theoretic models, we capture the strategic interactions between software vendors, ethical hackers, and malicious hackers. First, our analysis shows that software vendors can increase expected profits by participating in BBPs, explaining their growing adoption and the success of BBP platforms. Second, we …

arxiv bounty bug bug bounty bug bounty programs capture cs.cr cs.gt data data security discover econ.gn enable ethical ethical hackers exploitation game hackers malicious q-fin.ec security software software vendors software vulnerabilities strategic systems vendors vulnerabilities