Abstract
Software systems prove indispensable across a variety of fields. As our reliance on them grows and their complexity increases, the demand for protecting them increases as well. In this article, we explore how crowdsourcing could be used for vulnerability discovery. We examine the models of crowdsourcing that have been applied in vulnerability discovery, identify dimensions of this crowdsourced task, and discuss applicable concerns and future research directions.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Al-Banna, M., Benatallah, B., Barukh, M.C., Bertino, E., Kanhere, S. (2021). Crowdsourcing Software Vulnerability Discovery: Models, Dimensions, and Directions. In: Zhang, W., Zou, L., Maamar, Z., Chen, L. (eds) Web Information Systems Engineering – WISE 2021. WISE 2021. Lecture Notes in Computer Science(), vol 13080. Springer, Cham. https://doi.org/10.1007/978-3-030-90888-1_1
DOI: https://doi.org/10.1007/978-3-030-90888-1_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-90887-4
Online ISBN: 978-3-030-90888-1
eBook Packages: Computer Science, Computer Science (R0)