Seminario di Informatica: “Bug Bounty Platforms: Empirical Analysis and Economic Challenges”

Lunedì 11 Settembre 2017, ore 11:00 - Sala Riunioni VII Piano - Jens Grossklags


Lunedì 11 Settembre 2017 alle ore 11:00 in Sala Riunioni VII Piano, Jens Grossklags (TU München) terrà un seminario dal titolo “Bug Bounty Platforms: Empirical Analysis and Economic Challenges”.

Despite significant progress in software-engineering practices, software utilized for web and mobile computing remains insecure. At the same time, the consumer and business information handled by these programs is growing in its richness and monetization potential, which triggers significant privacy and security concerns.
In response to these challenges, companies are increasingly harvesting the potential of external (ethical) security researchers through bug bounty programs to crowdsource efforts to find and ameliorate security vulnerabilities. More recently, several commercial bug bounty platforms have emerged (e.g., HackerOne, BugCrowd, Cobalt, Wooyun) which successfully facilitate the process of building and maintaining bug bounty programs for organizations. To cite just one success story, on HackerOne, more than 40,000 security vulnerabilities have been reported and fixed for hundreds of organizations.
In this talk, I will discuss our research over the last three years which systematically studies these platforms. In particular, I will present empirical results demonstrating the growing popularity and practical contributions of two of these platforms, HackerOne and Wooyun. Unfortunately, the data also reveals a number of economic challenges which may limit the success of these platforms in the future. To respond to these hurdles, I will discuss different economic policies to improve their efficiency. I will close with a conversation about pressing policy considerations.
The talk is based on joint work with Mingyi Zhao, Aron Laszka, and Thomas Maillart.

Download Seminari di Informatica