Software Vulnerabilities and Bug Bounty Programs
24 Pages Posted: 14 May 2020
Date Written: May 12, 2020
Abstract
Many software developers employ bug bounty programs that award a prize for the detection of bugs in their software. We analyze, in a model with asymmetric information, under which conditions a bug bounty program is beneficial for a software developer. In our model, a bug bounty program allows developers to perfectly discriminate between different types of bugs and helps to avoid the reputation costs of exploited bugs. We find that the benefits of a bounty program depend not only on the characteristics of the underlying software; a bounty program also crucially interacts with other elements of the security strategy.
Keywords: Bug bounty program, software security, information technology security, software vulnerability
JEL Classification: M15, M20, L86, D82