Scandinavian Working Papers in Business Administration

Discussion Papers,
Norwegian School of Economics, Department of Business and Management Science

No 2020/4: Software vulnerabilities and bug bounty programs

Carsten Bienz and Steffen Juranek
Additional contact information
Carsten Bienz: Dept. of Finance, Norwegian School of Economics, Postal: NHH, Department of Finance, Helleveien 30, N-5045 Bergen, Norway
Steffen Juranek: Dept. of Business and Management Science, Norwegian School of Economics, Postal: NHH, Department of Business and Management Science, Helleveien 30, N-5045 Bergen, Norway

Abstract: Many software developers employ bug bounty programs that award a prize for the detection of bugs in their software. We analyze, in a model with asymmetric information, under which conditions a bug bounty program is beneficial for a software developer. In our model, a bug bounty program allows developers to perfectly discriminate between different types of bugs, and helps to avoid reputation costs of exploited bugs. We find that the benefits of a bounty program not only depend on the characteristics of the underlying software, but also that a bounty program crucially interacts with other elements of the security strategy.

Keywords: Bug bounty program; software security; information technology security; software vulnerability

JEL-codes: D82; L86; M15; M20

22 pages, May 12, 2020
