• Title/Summary/Keyword: bounty bug

Search Result 2, Processing Time 0.015 seconds

Problems and Solutions of the Korean Bug Bounty Program (한국 버그 바운티 프로그램의 제도적인 문제점과 해결방안)

  • Park, Hye Sung;Kwon, Hun Yeong
    • Journal of Information Technology Services
    • /
    • v.18 no.5
    • /
    • pp.53-70
    • /
    • 2019
  • As information security becomes more important as the fourth industrial revolution gradually emerges, an efficient and effective way to find vulnerabilities in information systems is becoming an essential requirement of information security. As the point of the protection of current information and the protection of the future industry, the Korean government has paid attention to the bug bounty, which has been recognized for its efficiency and effectiveness and has implemented through the Korea Internet Security Agency's S/W vulnerability bug bounty program. However, there are growing problems about the S/W vulnerability bug bounty program of the Korea Internet Security Agency, which has been operating for about 7 years. The purpose of this study is to identify the problems in Korean bug bounty policies through the characteristics of the bug bounty program, and to suggest the direction of the government's policy to activate the bug bounty like changes in the government's approach utilizing the market.

An Analysis on Employing Developer Profit Incentive to Expedite Open Source Software Development

  • Sohn, Jung-woo;Ko, Yohan;Yun, Younguk
    • Journal of the Korea Society of Computer and Information
    • /
    • v.27 no.11
    • /
    • pp.257-270
    • /
    • 2022
  • This paper analyzes the effect of profit incentives within the setting of bounty open source project. A simple decision-making model based on classical utility maximization is presented for open source developers that includes income effects from the bounty prize. We then simulate the decisions of multiple developers to assess the effect from the bounty prize. Our result shows that learning costs can greatly reduce the software quality improvement benefit from bounty project. It also suggests that open source projects can benefit more when they have multiple small bounty projects than a single large bounty project since it reduces the learning cost and the opportunity cost for the open source developers.