TY - GEN
T1 - The Role of Vulnerability Disclosure on Hacker Participation in Bug Bounty Programs
AU - Ahmed, Ali
AU - Lee, Ho Cheung Brian
AU - Deokar, Amit
N1 - Publisher Copyright:
© 2021 42nd International Conference on Information Systems, ICIS 2021 TREOs: "Building Sustainability and Resilience with IS: A Call for Action". All Rights Reserved.
PY - 2021
Y1 - 2021
AB - In this paper, we have analyzed voluntary vulnerability disclosure and its effects on ethical hackers’ participation in an organization’s bug bounty program. Specifically, we have analyzed the effect of the disclosure of patched vulnerability reports in a bug bounty program and how it affects new hackers’ participation in the program. Using a dataset from a leading bug bounty platform, we have shown that the disclosure of valid vulnerabilities attracts new hackers to the program. We have also found that the disclosure of valid reports attracts more experienced hackers to the program. However, the disclosure of duplicate, informational, and not-applicable reports decreases the participation of experienced hackers in a program. Our findings broaden our understanding of working with ethical hackers on bug bounty programs. We contribute to the debate in operations management on how organizations’ earlier workflow attracts new and high-quality workers to the programs on an open crowdsourcing platform.
UR - http://www.scopus.com/inward/record.url?scp=85175728990&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85175728990&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85175728990
T3 - 42nd International Conference on Information Systems, ICIS 2021 TREOs: "Building Sustainability and Resilience with IS: A Call for Action"
BT - 42nd International Conference on Information Systems, ICIS 2021 TREOs
PB - Association for Information Systems
T2 - 42nd International Conference on Information Systems: Building Sustainability and Resilience with IS: A Call for Action, ICIS 2021 TREOs
Y2 - 12 December 2021 through 15 December 2021
ER -