 Software vulnerabilities and bug bounty programsCarsten Bienz and Steffen Juranek No 2020/4, Discussion Papers from Norwegian School of Economics, Department of Business and Management Science Abstract: Many software developers employ bug bounty programs that award a prize for the detection of bugs in their software. We analyze, in a model with asymmetric information, under which conditions a bug bounty program is beneficial for a software developer. In our model, a bug bounty program allows developers to perfectly discriminate between different types of bugs, and help to avoid reputation costs of exploited bugs. We find that the benefits of bounty program do not only depend on the characteristics of the underlying software but also that a bounty program crucially interacts with other elements of the security strategy. Keywords: Bug bounty program; software security; information technology security; software vulnerability (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:hhs:nhhfms:2020_004 Access Statistics for this paper More papers in Discussion Papers from Norwegian School of Economics, Department of Business and Management Science NHH, Department of Business and Management Science, Helleveien 30, N-5045 Bergen, Norway. Contact information at EDIRC. |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.