A Survey of Bug Bounty Programs in Strengthening Cybersecurity and Privacy in the Blockchain Industry-Reference-Cited by-同舟云学术

A Survey of Bug Bounty Programs in Strengthening Cybersecurity and Privacy in the Blockchain Industry

Published:2024-07-08 Issue:3 Volume:2 Page:195-216
ISSN:2813-5288
Container-title:Blockchains
language:en
Short-container-title:Blockchains

Author:

Arshad Junaid¹,Talha Muhammad¹^ORCID,Saleem Bilal¹^ORCID,Shah Zoha¹,Zaman Huzaifa¹,Muhammad Zia²³^ORCID

Affiliation:

1. Department of Cyber Security, Air University, Islamabad 44000, Pakistan

2. Department of Computer Science, North Dakota State University, Fargo, ND 58102, USA

3. Department of Computer Science and Technology, University of Jamestown, Jamestown, ND 58405, USA

Abstract

The increasing reliance on computer networks and blockchain technology has led to a growing concern for cybersecurity and privacy. The emergence of zero-day vulnerabilities and unexpected exploits has highlighted the need for innovative solutions to combat these threats. Bug bounty programs have gained popularity as a cost-effective way to crowdsource the task of identifying vulnerabilities, providing a secure and efficient means of enhancing cybersecurity. This paper provides a comprehensive survey of various free and paid bug bounty programs in the computer networks and blockchain industry, evaluating their effectiveness, impact, and credibility. The study explores the structure, incentives, and nature of vulnerabilities uncovered by these programs, as well as their unique value proposition. A comparative analysis is conducted to identify advantages and disadvantages, highlighting the strengths and weaknesses of each program. The paper also examines the role of ethical hackers in bug bounty programs and their contributions to strengthening cybersecurity and privacy. Finally, the study concludes with recommendations for addressing the challenges faced by bug bounty programs and suggests potential future directions to enhance their impact on computer networks and blockchain security.

Publisher

MDPI AG

Link

https://www.mdpi.com/2813-5288/2/3/10/pdf

Reference89 articles.

1. Security Intelligence (2024, March 02). Are Bug Bounty Programs Worth It?. Available online: https://securityintelligence.com/articles/are-bug-bounty-programs-worth-it/.

2. Optimal Launch Timing of Bug Bounty Programs for Software Products under Different Licensing Models;Feng;J. Assoc. Inf. Syst.,2024

3. Walshe, T., and Simpson, A. (2020, January 18). An empirical study of bug bounty programs. Proceedings of the 2020 IEEE 2nd International Workshop on Intelligent Bug Fixing (IBF), London, ON, Canada.

4. Sinha, S. (2019). Bug Bounty Hunting for Web Security, Springer.

5. Tianlu, Z., Ma, D., and Nan, F. (2024, April 25). The Use of Bug Bounty Programs for Software Reliability Improvement 2023. Available online: https://aisel.aisnet.org/pacis2023/99.