Balancing Secrecy and Transparency in Bug Bounty Programs.

Saved in:
Bibliographic Details
Title: Balancing Secrecy and Transparency in Bug Bounty Programs.
Authors: Telang, Rahul1 (AUTHOR) rtelang@andrew.cmu.edu, Hydari, Muhammad Zia2 (AUTHOR) hydari@alum.mit.edu
Source: Communications of the ACM. Aug2025, Vol. 68 Issue 8, p20-23. 4p.
Subjects: Computer hackers, Computer security vulnerabilities, Internet security, Computer security laws, Organizational transparency, Computer ethics
Abstract: Bug bounty programs (BBPs) allow ethical hackers to identify software vulnerabilities, helping vendors fix flaws before they’re exploited—but vendors often control disclosure, creating a lack of transparency. This secrecy can delay patches, obscure software quality, and leave users uninformed about security risks. While BBPs offer clear benefits, such as reducing uncoordinated disclosures and incentivizing ethical behavior, they also reinforce market asymmetries. The article argues for mandatory disclosure standards and stronger government oversight to balance transparency with vendor incentives, ultimately strengthening cybersecurity and user trust.
Database: Engineering Source
FullText Links:
  – Type: pdflink
Text:
  Availability: 0
Header DbId: egs
DbLabel: Engineering Source
An: 186913167
AccessLevel: 6
PubType: Periodical
PubTypeId: serialPeriodical
PreciseRelevancyScore: 0
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: Balancing Secrecy and Transparency in Bug Bounty Programs.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22Telang%2C+Rahul%22">Telang, Rahul</searchLink><relatesTo>1</relatesTo> (AUTHOR)<i> rtelang@andrew.cmu.edu</i><br /><searchLink fieldCode="AR" term="%22Hydari%2C+Muhammad+Zia%22">Hydari, Muhammad Zia</searchLink><relatesTo>2</relatesTo> (AUTHOR)<i> hydari@alum.mit.edu</i>
– Name: TitleSource
  Label: Source
  Group: Src
  Data: <searchLink fieldCode="JN" term="%22Communications+of+the+ACM%22">Communications of the ACM</searchLink>. Aug2025, Vol. 68 Issue 8, p20-23. 4p.
– Name: Subject
  Label: Subjects
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Computer+hackers%22">Computer hackers</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+security+vulnerabilities%22">Computer security vulnerabilities</searchLink><br /><searchLink fieldCode="DE" term="%22Internet+security%22">Internet security</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+security+laws%22">Computer security laws</searchLink><br /><searchLink fieldCode="DE" term="%22Organizational+transparency%22">Organizational transparency</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+ethics%22">Computer ethics</searchLink>
– Name: Abstract
  Label: Abstract
  Group: Ab
  Data: Bug bounty programs (BBPs) allow ethical hackers to identify software vulnerabilities, helping vendors fix flaws before they’re exploited—but vendors often control disclosure, creating a lack of transparency. This secrecy can delay patches, obscure software quality, and leave users uninformed about security risks. While BBPs offer clear benefits, such as reducing uncoordinated disclosures and incentivizing ethical behavior, they also reinforce market asymmetries. The article argues for mandatory disclosure standards and stronger government oversight to balance transparency with vendor incentives, ultimately strengthening cybersecurity and user trust.
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=186913167
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.1145/3724077
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 4
        StartPage: 20
    Subjects:
      – SubjectFull: Computer hackers
        Type: general
      – SubjectFull: Computer security vulnerabilities
        Type: general
      – SubjectFull: Internet security
        Type: general
      – SubjectFull: Computer security laws
        Type: general
      – SubjectFull: Organizational transparency
        Type: general
      – SubjectFull: Computer ethics
        Type: general
    Titles:
      – TitleFull: Balancing Secrecy and Transparency in Bug Bounty Programs.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Telang, Rahul
      – PersonEntity:
          Name:
            NameFull: Hydari, Muhammad Zia
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 08
              Text: Aug2025
              Type: published
              Y: 2025
          Identifiers:
            – Type: issn-print
              Value: 00010782
          Numbering:
            – Type: volume
              Value: 68
            – Type: issue
              Value: 8
          Titles:
            – TitleFull: Communications of the ACM
              Type: main
ResultId 1