Journal Entry #13

The purpose of this article is to investigate bug bounty schemes, which are programs that offer financial rewards to security researchers working in the gig economy for locating and clarifying vulnerabilities in corporate codebases (Sridhar & Ng, 2021). According to the study's findings, there is no evidence that the introduction of new businesses onto the HackerOne network reduces the number of reports received by companies already on the platform.

According to the literature review, bug bounty programs can help businesses locate previously unknown vulnerabilities in their code. The underlying idea, familiar in software development, is that more vulnerabilities are detected and corrected when a software product is inspected by a greater number of people. The review also points out that bug bounties benefit businesses that lack the reputation needed to recruit top-tier talent, while giving freelance hackers a channel through which to work with those businesses (Sridhar & Ng, 2021).

The data indicate that hackers are not sensitive to price, with a median elasticity ranging from 0.1 to 0.2 (Sridhar & Ng, 2021). This suggests that enterprises with limited resources may still be able to reap the benefits of bug bounties. In addition, organizations in the banking, retail, and healthcare industries receive fewer reports than organizations in other industries (Sridhar & Ng, 2021). Nevertheless, researchers should collect additional data in order to produce industry coefficient estimates with a higher level of statistical significance.

Reference

Sridhar, K., & Ng, M. (2021). Hacking for good: Leveraging HackerOne data to develop an economic model of bug bounties. Journal of Cybersecurity, 7(1), tyab007. https://doi.org/10.1093/cybsec/tyab007