Search Results (4)

Search Parameters:
Keywords = bug bounty programs

24 pages, 651 KiB  
Article
Security Investment and Pricing Decisions in Competitive Software Markets: Bug Bounty and In-House Strategies
by Netnapha Chamnisampan
Systems 2025, 13(7), 552; https://doi.org/10.3390/systems13070552 - 7 Jul 2025
Viewed by 428
Abstract
In increasingly competitive digital markets, software firms must strategically balance cybersecurity investments and pricing decisions to attract consumers while safeguarding their platforms. This study develops a game-theoretic model in which two competing firms choose among three cybersecurity strategies—no action, bug bounty programs, and in-house protection—before setting prices. We demonstrate that cybersecurity efforts and pricing are interdependent: investment choices significantly alter market outcomes by influencing consumer trust and competitive dynamics. Our analysis reveals that a bug bounty program is preferable when consumer sensitivity to security and the probability of ethical vulnerability disclosures are high, while in-house protection becomes optimal when firms must rebuild credibility from a weaker competitive position. Furthermore, initial service quality gaps between firms critically shape both investment intensity and pricing behavior. By jointly endogenizing security efforts and prices, this study offers new insights into strategic cybersecurity management and provides practical guidance for software firms seeking to integrate security initiatives with competitive pricing strategies.
(This article belongs to the Section Systems Practice in Social Science)

17 pages, 1082 KiB  
Article
From Breakers to Builders: The Role of Bug Bounty Hunters in Strengthening Organizational Cybersecurity
by Gulet Barre
Information 2025, 16(3), 209; https://doi.org/10.3390/info16030209 - 7 Mar 2025
Viewed by 1930
Abstract
Services rendered by bug hunters have increasingly become an indispensable component of the security culture of organizations. By pre-emptively locating vulnerabilities in their information systems, organizations reduce the risk and the potential impact of cyberattacks. Numerous studies have been conducted on this phenomenon; however, the motivational factors driving bug bounty hunters remain underexplored. The present paper aims to further investigate the factors that affect the behavioral intentions of bug hunters by empirically studying 386 computer security professionals across the world. We found that the attitudes behind bug hunters’ intentions are formed by exposure as well as their curiosity regarding the topic, which in turn is modulated by their intrinsic and extrinsic motivations. Our study further highlights the impetus behind effective management of cybersecurity personnel.
(This article belongs to the Section Information Security and Privacy)

22 pages, 817 KiB  
Article
A Survey of Bug Bounty Programs in Strengthening Cybersecurity and Privacy in the Blockchain Industry
by Junaid Arshad, Muhammad Talha, Bilal Saleem, Zoha Shah, Huzaifa Zaman and Zia Muhammad
Blockchains 2024, 2(3), 195-216; https://doi.org/10.3390/blockchains2030010 - 8 Jul 2024
Cited by 3 | Viewed by 6799
Abstract
The increasing reliance on computer networks and blockchain technology has led to a growing concern for cybersecurity and privacy. The emergence of zero-day vulnerabilities and unexpected exploits has highlighted the need for innovative solutions to combat these threats. Bug bounty programs have gained popularity as a cost-effective way to crowdsource the task of identifying vulnerabilities, providing a secure and efficient means of enhancing cybersecurity. This paper provides a comprehensive survey of various free and paid bug bounty programs in the computer networks and blockchain industry, evaluating their effectiveness, impact, and credibility. The study explores the structure, incentives, and nature of vulnerabilities uncovered by these programs, as well as their unique value proposition. A comparative analysis is conducted to identify advantages and disadvantages, highlighting the strengths and weaknesses of each program. The paper also examines the role of ethical hackers in bug bounty programs and their contributions to strengthening cybersecurity and privacy. Finally, the study concludes with recommendations for addressing the challenges faced by bug bounty programs and suggests potential future directions to enhance their impact on computer networks and blockchain security.
(This article belongs to the Special Issue Key Technologies for Security and Privacy in Web 3.0)

15 pages, 1266 KiB  
Review
Automotive Vulnerability Disclosure: Stakeholders, Opportunities, Challenges
by Robin Bolz and Reiner Kriesten
J. Cybersecur. Priv. 2021, 1(2), 274-288; https://doi.org/10.3390/jcp1020015 - 6 May 2021
Cited by 6 | Viewed by 9227
Abstract
For several years, the overall awareness of the necessity to consider a vehicle as a potentially vulnerable system has been facing accelerated growth. In 2015, the safety-relevant exploitability of vulnerabilities through cyber attacks was exposed to a broader public for the first time. Only a few months after this attack had reached public awareness, the affected manufacturer implemented one of the first bug bounty programs within the automotive field. Since then, many others followed by adapting some of IT's good practices for handling and responsibly disclosing found and reported vulnerabilities for the automotive field. Nevertheless, this work points out that much remains to be done concerning quantity and quality of these measures. In order to cope with this, the present paper deals with what can be learned from IT and which conclusions can be drawn from these findings in the light of special conditions in the automotive environment. Furthermore, current handling and challenges regarding the disclosure process of vulnerabilities in the automotive sector are presented. These challenges are addressed by discussing desirable conditions for a beneficial disclosure culture as well as requirements and responsibilities of all parties involved in the disclosure process.
(This article belongs to the Special Issue Cybersecurity in the Transportation Ecosystem)