Corpus ID: 221836744

Proposal of a Novel Bug Bounty Implementation Using Gamification

@article{OHare2020ProposalOA,
  title={Proposal of a Novel Bug Bounty Implementation Using Gamification},
  author={Jamie O'Hare and Lynsay A. Shepherd},
  journal={ArXiv},
  year={2020},
  volume={abs/2009.10158}
}
Despite significant popularity, the bug bounty process has remained broadly unchanged since its inception, with limited implementation of gamification aspects. Existing literature recognises that current methods generate intensive resource demands, and can encounter issues impacting program effectiveness. This paper proposes a novel bug bounty process aiming to alleviate resource demands and mitigate inherent issues. Through the additional crowdsourcing of report verification where fellow…

References

Bug Bounty Programs for Cybersecurity: Practices, Issues, and Recommendations
TLDR
This work analyzes and recommends best practices in five main BBP areas: scoping of BBPs, timing of crowd engagement, submission quality, firm-researcher communication, and hacker motivation.
Hacker powered security testing
  • https://www.hackerone.com/.
  • 2020
Gamified learning in higher education: A systematic review of the literature
TLDR
A systematic literature review of game-based learning systems, frameworks that integrate game design elements, and various implementations of gamification in higher education to identify how gamified learning systems can be used and categorize their usefulness in higher education.
Understanding the Heterogeneity of Contributors in Bug Bounty Programs
  • Hideaki Hata, M. Guo, M. Babar
  • Computer Science
  • 2017 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)
  • 2017
TLDR
There are project-specific and non-specific contributors who have different motivations for contributing to the products and organizations, and these findings provide insights to make bug bounty programs better and for further studies of new software development roles.
52 Gamification Mechanics and Elements
  • https://www.gamified.uk/user-
  • 2020
Dropbox bug bounty program has paid out over $1,000,000
  • 2020
Gamification can be so much more than points if we let it
  • https://www.gamified.uk/2020/05/30/gamificationcan-be-so-much-more-than-points-if-we-let-it/ (Accessed 7 September 2020).
  • 2020
Program rules - application security
  • https://www.google.com/about/appsecurity/rewardprogram/.
  • 2020
Hackers vs. testers: A comparison of software vulnerability discovery processes
  • In 2018 IEEE Symposium on Security and Privacy (SP), pages 374–391. IEEE.
  • 2018
Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes
TLDR
A semi-structured interview study with both testers and hackers, focusing on how each group finds vulnerabilities, how they develop their skills, and the challenges they face, suggests that hackers and testers follow similar processes, but get different results due largely to differing experiences.