
Crowdsourcing Software Vulnerability Discovery: Models, Dimensions, and Directions

Conference paper, Web Information Systems Engineering – WISE 2021 (WISE 2021)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 13080)


Abstract

Software systems are indispensable across a variety of fields. As our reliance on them grows and their complexity increases, so does the demand for protecting them. In this article, we explore how crowdsourcing could be used for vulnerability discovery. We examine the models of crowdsourcing that have been applied to vulnerability discovery, identify the dimensions of this crowdsourced task, and discuss applicable concerns and future research directions.




Correspondence to Mortada Al-Banna.


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper


Cite this paper

Al-Banna, M., Benatallah, B., Barukh, M.C., Bertino, E., Kanhere, S. (2021). Crowdsourcing Software Vulnerability Discovery: Models, Dimensions, and Directions. In: Zhang, W., Zou, L., Maamar, Z., Chen, L. (eds) Web Information Systems Engineering – WISE 2021. WISE 2021. Lecture Notes in Computer Science, vol 13080. Springer, Cham. https://doi.org/10.1007/978-3-030-90888-1_1


  • DOI: https://doi.org/10.1007/978-3-030-90888-1_1


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-90887-4

  • Online ISBN: 978-3-030-90888-1

  • eBook Packages: Computer Science (R0)
