Discussion paper

DP19047 Artificial Bugs for Bug Bounty

Bug bounty programs, where external agents are invited to search for and report vulnerabilities (bugs) in exchange for rewards (bounty), have become a major tool for companies to improve their systems. We suggest augmenting such programs by inserting artificial bugs to increase the incentives to search for real (organic) bugs. Using a model of crowdsearch, we identify the efficiency gains from artificial bugs, and we show that to achieve these gains it is sufficient to insert only one artificial bug. Artificial bugs are particularly beneficial, for instance, if the designer places a high valuation on finding organic bugs or if the budget for bounty is not sufficiently high. We discuss how to implement artificial bugs and outline their further benefits.

Citation

Gersbach, H, F Pitsuwan and P Blieske (2024), ‘DP19047 Artificial Bugs for Bug Bounty’, CEPR Discussion Paper No. 19047. CEPR Press, Paris & London. https://cepr.org/publications/dp19047