Integrating Cybersecurity Risk Model to the Bug Bounty Program

14 Pages Posted: 6 Sep 2022

Xi Zhou

Southern University of Science and Technology - School of Business

Shaun S. Wang

Southern University of Science and Technology; Nanyang Technological University; Georgia State University; University of Waterloo

Chulin Xian

Nanyang Technological University

Date Written: August 15, 2022

Abstract

A bug bounty program is a business activity in which firms invite white-hat hackers around the world to identify vulnerabilities in their cyber systems. The paper proposes a model to quantify normal cybersecurity spending with respect to the importance of information systems. An upper limit on normal cybersecurity spending is provided, which can be described as a percentage of the total value of reports received from the bug bounty program. Moreover, this paper presents quantitative analytical modeling for minimizing the total cybersecurity cost of a firm by optimizing its cybersecurity budget plan after implementing the bug bounty program. With the two models, firms can determine not only the amount of cybersecurity spending that should be allocated to an information system, but also the optimal spending allocation among the segments of the information system. Lastly, this paper analyzes the requirements that make implementing a bug bounty program a better choice.

Keywords: bug bounty program, cybersecurity, cybersecurity spending, budget plan

JEL Classification: M21, G31, C4

Suggested Citation

Zhou, Xi and Wang, Shaun Shuxun and Xian, Chulin, Integrating Cybersecurity Risk Model to the Bug Bounty Program (August 15, 2022). Available at SSRN: https://ssrn.com/abstract=4190131 or http://dx.doi.org/10.2139/ssrn.4190131

Xi Zhou (Contact Author)

Southern University of Science and Technology - School of Business

China

Shaun Shuxun Wang

Southern University of Science and Technology

1088 Xueyuan Avenue
Shenzhen, Guangdong 518055
China
+8615815555369 (Phone)

Nanyang Technological University

S3-B1B-76 Nanyang Avenue
Singapore
Singapore

Georgia State University

35 Broad Street
Atlanta, GA 30303-3083
United States

University of Waterloo

Waterloo, Ontario N2L 3G1
Canada

Chulin Xian

Nanyang Technological University

S3 B2-A28 Nanyang Avenue
Singapore, 639798
Singapore
