Navigating vulnerability markets and bug bounty programs: A public policy perspective
Aviram Zrahia
Internet Policy Review: Journal on Internet Regulation, 2024, vol. 13, issue 1, 1-30
Abstract:
As societies become increasingly dependent on digital means, organisations seek ways to prevent software exploitation by eliminating vulnerabilities or acquiring them as products. However, there is an ongoing debate regarding the extent to which governments should become involved in markets for vulnerability sharing. This paper examines the economics of vulnerabilities and outlines possible areas for governmental interventions. I survey three policy alternatives to support the discovery and disclosure of software vulnerabilities: integrating security and penetration testing into the software development life cycle, acquiring exploitable critical vulnerabilities by governments, and promoting bug bounty programs and platforms as vulnerability-sharing structures. For each suggested alternative, I present an impact matrix to qualitatively measure the effectiveness and efficiency of the vulnerability discovery process and the attractiveness, legality and trustworthiness of the disclosure process. I argue that bug bounty programs that bring together organisations and ethical hackers to trade vulnerabilities produce the highest impact. These gig economy structures are often based on two-sided digital market platforms as their foundation and offer a low entry barrier and assurance level for both market players. The discussion provides a foundation for governmental decision-makers to design effective policies for sharing vulnerabilities.
Keywords: Cybersecurity policy; Bug bounty programs; Economics of vulnerabilities; Digital market; Vulnerability sharing
Date: 2024
Download (PDF): https://www.econstor.eu/bitstream/10419/285315/1/1882772466.pdf
Persistent link: https://EconPapers.repec.org/RePEc:zbw:iprjir:285315
DOI: 10.14763/2024.1.1740
More articles in Internet Policy Review: Journal on Internet Regulation from Alexander von Humboldt Institute for Internet and Society (HIIG), Berlin
Bibliographic data for series maintained by ZBW - Leibniz Information Centre for Economics (econstor@zbw-workspace.eu).