The Role of Vulnerability Disclosure on Hacker Participation in Bug Bounty Programs

Ali Ahmed, Ho Cheung Brian Lee, Amit Deokar

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

2 Scopus citations

Abstract

In this paper, we have analyzed voluntary vulnerability disclosure and its effects on ethical hackers’ participation in an organization’s bug bounty program. Specifically, we have analyzed the effect of the disclosure of patched vulnerability reports in a bug bounty program and how it affects new hackers’ participation in the program. Using a dataset from a leading bug bounty platform, we have shown that the disclosure of valid vulnerabilities attracts new hackers to the program. We have also found that the disclosure of valid reports attracts more experienced hackers to the program. However, the disclosure of duplicate, informational, and not-applicable reports decreases the participation of experienced hackers in a program. Our findings broaden our understanding of working with ethical hackers on bug bounty programs. We contribute to the debate in operations management on how organizations’ earlier workflow attracts new and high-quality workers to the programs in an open crowdsourcing platform.

Original language: English (US)
Title of host publication: 42nd International Conference on Information Systems, ICIS 2021 TREOs
Subtitle of host publication: "Building Sustainability and Resilience with IS: A Call for Action"
Publisher: Association for Information Systems
ISBN (Electronic): 9781713893608
State: Published - 2021
Event: 42nd International Conference on Information Systems: Building Sustainability and Resilience with IS: A Call for Action, ICIS 2021 TREOs - Austin, United States
Duration: Dec 12 2021 to Dec 15 2021

Publication series

Name: 42nd International Conference on Information Systems, ICIS 2021 TREOs: "Building Sustainability and Resilience with IS: A Call for Action"

Conference

Conference: 42nd International Conference on Information Systems: Building Sustainability and Resilience with IS: A Call for Action, ICIS 2021 TREOs
Country/Territory: United States
City: Austin
Period: 12/12/21 to 12/15/21

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Information Systems
