Software Vulnerabilities and Bug Bounty Programs

24 Pages. Posted: 14 May 2020

Carsten Bienz

Norwegian School of Economics (NHH)

Steffen Juranek

Norwegian School of Economics (NHH) - Department of Business and Management Science

Date Written: May 12, 2020

Abstract

Many software developers employ bug bounty programs that award a prize for the detection of bugs in their software. We analyze, in a model with asymmetric information, the conditions under which a bug bounty program is beneficial for a software developer. In our model, a bug bounty program allows developers to perfectly discriminate between different types of bugs and helps to avoid the reputation costs of exploited bugs. We find that the benefits of a bounty program depend not only on the characteristics of the underlying software; a bounty program also crucially interacts with other elements of the security strategy.

Keywords: Bug bounty program, software security, information technology security, software vulnerability

JEL Classification: M15, M20, L86, D82

Suggested Citation

Bienz, Carsten and Juranek, Steffen, Software Vulnerabilities and Bug Bounty Programs (May 12, 2020). NHH Dept. of Business and Management Science Discussion Paper No. 2020/4, Available at SSRN: https://ssrn.com/abstract=3599013 or http://dx.doi.org/10.2139/ssrn.3599013

Carsten Bienz

Norwegian School of Economics (NHH)

Helleveien 30
Bergen
Norway

Steffen Juranek (Contact Author)

Norwegian School of Economics (NHH) - Department of Business and Management Science

Helleveien 30
Bergen, NO-5045
Norway
