The University of Southampton
University of Southampton Institutional Repository

Web science challenges in researching bug bounties

Fryer, Huw and Simperl, Elena (2017) Web science challenges in researching bug bounties. In Proceedings of the 9th ACM Conference on Web Science, WebSci 2017. Association for Computing Machinery. pp. 273-277. (doi:10.1145/3091478.3091517).

Record type: Conference or Workshop Item (Paper)

Abstract

The act of searching for security flaws (vulnerabilities) in a piece of software was previously considered to be the preserve of malicious actors, or at least actors who wished to cause chaos. Increasingly, however, companies are recognising the value of running a bug bounty program, where they will pay "white hat" hackers to locate and disclose security flaws in their applications in order that they can fix them. This is known as a "bug bounty" or a "vulnerability reward program", and at present has seen comparatively little research. This paper introduces existing research on bug bounties in two areas: as a means of regulating the sale of vulnerabilities; and as a form of crowdsourcing. We argue that the nature of bug bounties makes Web science particularly suitable to drive forward research. We identify gaps in the current literature, and propose areas which we consider to be particularly promising for future research.

More information

Published date: 25 June 2017
Organisations: Web & Internet Science

Identifiers

Local EPrints ID: 410366
URI: http://eprints.soton.ac.uk/id/eprint/410366
PURE UUID: 4e7dd01b-d014-49d8-a95e-8ec306727179
ORCID for Elena Simperl: orcid.org/0000-0003-1722-947X

Catalogue record

Date deposited: 07 Jun 2017 16:31
Last modified: 15 Mar 2024 14:07

Contributors

Author: Huw Fryer
Author: Elena Simperl
