Balancing Secrecy and Transparency in Bug Bounty Programs.
Saved in:
| Title: | Balancing Secrecy and Transparency in Bug Bounty Programs. |
|---|---|
| Authors: | Telang, Rahul1 (AUTHOR) rtelang@andrew.cmu.edu, Hydari, Muhammad Zia2 (AUTHOR) hydari@alum.mit.edu |
| Source: | Communications of the ACM. Aug2025, Vol. 68 Issue 8, p20-23. 4p. |
| Subjects: | Computer hackers, Computer security vulnerabilities, Internet security, Computer security laws, Organizational transparency, Computer ethics |
| Abstract: | Bug bounty programs (BBPs) allow ethical hackers to identify software vulnerabilities, helping vendors fix flaws before they’re exploited—but vendors often control disclosure, creating a lack of transparency. This secrecy can delay patches, obscure software quality, and leave users uninformed about security risks. While BBPs offer clear benefits, such as reducing uncoordinated disclosures and incentivizing ethical behavior, they also reinforce market asymmetries. The article argues for mandatory disclosure standards and stronger government oversight to balance transparency with vendor incentives, ultimately strengthening cybersecurity and user trust. |
| Database: | Engineering Source |
| FullText | Links: – Type: pdflink Text: Availability: 0 |
|---|---|
| Header | DbId: egs DbLabel: Engineering Source An: 186913167 AccessLevel: 6 PubType: Periodical PubTypeId: serialPeriodical PreciseRelevancyScore: 0 |
| IllustrationInfo | |
| Items | – Name: Title Label: Title Group: Ti Data: Balancing Secrecy and Transparency in Bug Bounty Programs. – Name: Author Label: Authors Group: Au Data: <searchLink fieldCode="AR" term="%22Telang%2C+Rahul%22">Telang, Rahul</searchLink><relatesTo>1</relatesTo> (AUTHOR)<i> rtelang@andrew.cmu.edu</i><br /><searchLink fieldCode="AR" term="%22Hydari%2C+Muhammad+Zia%22">Hydari, Muhammad Zia</searchLink><relatesTo>2</relatesTo> (AUTHOR)<i> hydari@alum.mit.edu</i> – Name: TitleSource Label: Source Group: Src Data: <searchLink fieldCode="JN" term="%22Communications+of+the+ACM%22">Communications of the ACM</searchLink>. Aug2025, Vol. 68 Issue 8, p20-23. 4p. – Name: Subject Label: Subjects Group: Su Data: <searchLink fieldCode="DE" term="%22Computer+hackers%22">Computer hackers</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+security+vulnerabilities%22">Computer security vulnerabilities</searchLink><br /><searchLink fieldCode="DE" term="%22Internet+security%22">Internet security</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+security+laws%22">Computer security laws</searchLink><br /><searchLink fieldCode="DE" term="%22Organizational+transparency%22">Organizational transparency</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+ethics%22">Computer ethics</searchLink> – Name: Abstract Label: Abstract Group: Ab Data: Bug bounty programs (BBPs) allow ethical hackers to identify software vulnerabilities, helping vendors fix flaws before they’re exploited—but vendors often control disclosure, creating a lack of transparency. This secrecy can delay patches, obscure software quality, and leave users uninformed about security risks. While BBPs offer clear benefits, such as reducing uncoordinated disclosures and incentivizing ethical behavior, they also reinforce market asymmetries. The article argues for mandatory disclosure standards and stronger government oversight to balance transparency with vendor incentives, ultimately strengthening cybersecurity and user trust. |
| PLink | https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=186913167 |
| RecordInfo | BibRecord: BibEntity: Identifiers: – Type: doi Value: 10.1145/3724077 Languages: – Code: eng Text: English PhysicalDescription: Pagination: PageCount: 4 StartPage: 20 Subjects: – SubjectFull: Computer hackers Type: general – SubjectFull: Computer security vulnerabilities Type: general – SubjectFull: Internet security Type: general – SubjectFull: Computer security laws Type: general – SubjectFull: Organizational transparency Type: general – SubjectFull: Computer ethics Type: general Titles: – TitleFull: Balancing Secrecy and Transparency in Bug Bounty Programs. Type: main BibRelationships: HasContributorRelationships: – PersonEntity: Name: NameFull: Telang, Rahul – PersonEntity: Name: NameFull: Hydari, Muhammad Zia IsPartOfRelationships: – BibEntity: Dates: – D: 01 M: 08 Text: Aug2025 Type: published Y: 2025 Identifiers: – Type: issn-print Value: 00010782 Numbering: – Type: volume Value: 68 – Type: issue Value: 8 Titles: – TitleFull: Communications of the ACM Type: main |
| ResultId | 1 |