A Bug Bounty Perspective on the Disclosure of Web Vulnerabilities

Ruohonen, Jukka; Allodi, Luca

doi:10.48550/arxiv.1805.09850

Cited by 1 publication

(1 citation statement)

References 55 publications

(122 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To understand how hunters select bugbounty programs, researchers have studied empirical data produced by bug-bounty programs (e.g., vulnerability reports and payments) [2,27,39,46,47,51,54,58,62]. These studies investigate the relationship between hunter activity and various program features, highlighting correlations that might suggest motivations.…”

Section: Market Behaviorsmentioning

confidence: 99%

Bug Hunters' Perspectives on the Challenges and Benefits of the Bug Bounty Ecosystem

Akgül¹,

Eghtesad²,

Elazari³

et al. 2023

Preprint

View full text Add to dashboard Cite

Although researchers have characterized the bug-bounty ecosystem from the point of view of platforms and programs, minimal effort has been made to understand the perspectives of the main workers: bug hunters. To improve bug bounties, it is important to understand hunters' motivating factors, challenges, and overall benefits. We address this research gap with three studies: identifying key factors through a free listing survey (n=56), rating each factor's importance with a larger-scale factor-rating survey (n=159), and conducting semi-structured interviews to uncover details (n=24). Of 54 factors that bug hunters listed, we find that rewards and learning opportunities are the most important benefits. Further, we find scope to be the top differentiator between programs. Surprisingly, we find earning reputation to be one of the least important motivators for hunters. Of the challenges we identify, communication problems, such as unresponsiveness and disputes, are the most substantial. We present recommendations to make the bugbounty ecosystem accommodating to more bug hunters and ultimately increase participation in an underutilized market.

show abstract