Hacking for Good: Leveraging HackerOne Data to Develop an Economic Model of Bug Bounties
- I ran an empirical study on bug bounties, cybersecurity programs where ethical hackers are compensated for submitting reports to companies, detailing bugs which might be maliciously exploited. Leveraging instrumental variables, I eliminated many potential sources of endogeneity, better establishing causality for what motivates hackers to submit reports to programs. Among other things, I rank industries by the number of reports they receive, find that new programs reduce the number of reports submitted to existing programs, compute a price elasticity between .1 and .2 at the median for hackers, and fail to validate the assumption that programs receive fewer reports as they age. This paper provides a snapshot of a rapidly changing––and increasingly important––industry.
- Use and reproduction
- User agrees that, where applicable, content will not be used to identify or to otherwise infringe the privacy or confidentiality rights of individuals. Content distributed via the Stanford Digital Repository may be subject to additional license and use restrictions applied by the depositor.
- This work is licensed under a Creative Commons Attribution Non Commercial 3.0 Unported license (CC BY-NC).
- Preferred Citation
- Kiran Sridhar. (2019). Hacking for Good: Leveraging HackerOne Data to Develop an Economic Model of Bug Bounties. Stanford Digital Repository. Available at: https://purl.stanford.edu/wh579dn8571
Stanford University, Department of Economics, Honors Theses