What We Know About Bug Bounty Programs - An Exploratory Systematic Mapping Study
RISE Research Institutes of Sweden, Digital Systems, Mobility and Systems.
RISE Research Institutes of Sweden, Digital Systems, Mobility and Systems. ORCID iD: 0000-0002-7018-8542
RISE Research Institutes of Sweden.
2019 (English). In: International Workshop on Socio-Technical Aspects in Security and Trust STAST 2019: Socio-Technical Aspects in Security and Trust. Part of the Lecture Notes in Computer Science book series (LNCS, volume 11739), Springer Science and Business Media Deutschland GmbH, 2019, p. 89-106. Conference paper, Published paper (Refereed)
Abstract [en]

This paper presents a systematic mapping study of the research on crowdsourced security vulnerability discovery. The aim is to identify aspects of bug bounty program (BBP) research that relate to product owners, the bug-hunting crowd or vulnerability markets. Based on 72 examined papers, we conclude that research has mainly been focused on the organisation of BBPs from the product owner perspective, but that aspects such as mechanisms of the white vulnerability market and incentives for bug hunting have also been addressed. With the increasing importance of cyber security, BBPs need more attention in order to be understood better. In particular, datasets from more diverse types of companies (e.g. safety-critical systems) should be added, as empirical studies are generally based on convenience sampled public data sets. Also, there is a need for more in-depth, qualitative studies in order to understand what drives bug hunters and product owners towards finding constructive ways of working together. 

Place, publisher, year, edition, pages
Springer Science and Business Media Deutschland GmbH, 2019. p. 89-106
Keywords [en]
Bug bounty, Literature review, Systematic mapping, Commerce, Digital storage, Safety engineering, Security of data, Bug hunting, Cyber security, Empirical studies, Public data, Qualitative study, Safety critical systems, Security vulnerabilities, Systematic mapping studies, Mapping
National Category
Embedded Systems
Identifiers
URN: urn:nbn:se:ri:diva-55674; DOI: 10.1007/978-3-030-55958-8_5; Scopus ID: 2-s2.0-85111025705; ISBN: 9783030559571 (print); OAI: oai:DiVA.org:ri-55674; DiVA, id: diva2:1583713
Conference
International Workshop on Socio-Technical Aspects in Security and Trust STAST 2019: Socio-Technical Aspects in Security and Trust. 26 September 2019 through 26 September 2019
Available from: 2021-08-09 Created: 2021-08-09 Last updated: 2021-08-09. Bibliographically approved

Authority records

Mellegård, Niklas
