| Title | Banishing Misaligned Incentives for Validating Reports in Bug-Bounty Platforms |
| Publication Type | Conference Paper |
| Year of Publication | 2016 |
| Authors | Aron Laszka, Mingyi Zhao, Jens Grossklags |
| Conference Name | 21st European Symposium on Research in Computer Security (ESORICS) |
| Date Published | September |
| Abstract | Bug-bounty programs have the potential to harvest the efforts and diverse knowledge of thousands of white hat hackers. As a consequence, they are becoming increasingly popular as a key part of the security culture of organizations. However, bug-bounty programs can be riddled with myriads of invalid vulnerability-report submissions, which are partially the result of misaligned incentives between white hats and organizations. To further improve the effectiveness of bug-bounty programs, we introduce a theoretical model for evaluating approaches for reducing the number of invalid reports. We develop an economic framework and investigate the strengths and weaknesses of existing canonical approaches for effectively incentivizing higher validation efforts by white hats. Finally, we introduce a novel approach, which may improve effi- ciency by enabling different white hats to exert validation effort at their individually optimal levels. |
| URL | https://cps-vo.org/node/38501 |
| Citation Key | LaszkaZhaoGrossklags16_BanishingMisalignedIncentivesForValidatingReportsInBugBounty |
Banishing Misaligned Incentives for Validating Reports in Bug-Bounty Platforms