What’s the Value of Bug Bounty Programs?
This exploratory study aims to develop an economic model to assess the value of Vulnerability Reward (Bug Bounty) programs, in which software companies offer compensation to outside hackers who find vulnerabilities and disclose them responsibly.
Research Question: What’s the Value of Bug Bounty Programs?
- Financial Value: e.g. more efficient bug discovery process
- Business / Organizational Value: e.g. a new source for HR hiring
- Reputational Value: e.g. company is considered “more secure”
- Technology Value: e.g. effect of program on product feature R&D
- Legal / Liability Value: e.g. lower cyber insurance premium