Jahmeel C
Week 11 – Journal Entry 13
The study by Kiran Sridhar and Ming Ng examines the effectiveness of bug bounty programs,
where companies pay researchers to find vulnerabilities in their systems. Analyzing over 50,000
bug reports from HackerOne, the study finds that hacker participation is largely driven by
non-monetary factors, with a low price elasticity of supply of 0.1 to 0.2. Newer hackers are more price
sensitive, while experienced ones are less so. The research shows that company size and brand
influence (revenue or Twitter followers) have little effect on the number of reports received,
suggesting that bug bounty programs benefit companies of all sizes. However, sectors like
finance, healthcare, and retail tend to receive fewer valid reports, possibly due to perceived risks
in these high-stakes industries.
New bug bounty programs do not significantly reduce reports to existing ones, indicating a
growing pool of hackers. Older programs often see a decline in valid reports over time as easy
vulnerabilities are discovered. Expanding program scope can help maintain engagement.
The study highlights the need for further research to better understand factors influencing hacker
participation and the effectiveness of bug bounty programs in improving cybersecurity.