Leveraging Crowd Effectively: Bug Bounty Programs for Cybersecurity & Best Practices


Paper by Suresh Siva Malladi and Hemang Subramanian: “Drawing upon crowdsourcing models, bug bounty programs (BBPs) are entering the mainstream of information security with the potential to define future security strategies. However, current approaches in BBPs are limiting. We highlight prominent issues affecting BBPs and suggest actionable best practices to enhance effectiveness. We elaborate the role of scoping and incentives in recruiting and retaining talent. We explain methods to augment quality and mitigate negativity. We urge for a proactive stance to mitigate the unique challenges in BBPs. This paper contributes to inform BBP research and practice. Our recommendations will also guide crowdsourcing and other competence sourcing strategies….”