  • Getting Started with Vulnerability Disclosure and Bug Bounty Programs


    Author(s): PASCARIU, Cristian



    Abstract:

    The number of online platforms and services that organizations around the world offer has grown significantly, and ensuring the information security of these platforms is a task of paramount importance. There are challenges in achieving this, mainly due to the shortage of skilled security professionals and the growing number of online services that companies offer. This article focuses on the benefits of using crowdsourced security programs, such as Vulnerability Disclosure Programs (VDP) and Bug Bounty programs, to complement the existing security assessments performed by organizations. These programs provide a way for organizations to better interact with the security community, gain valuable insight into their public security posture, and improve their brand image by providing a mechanism through which security researchers can notify the organizations of imminent security risks.






    Additional Information

    Article Title: Getting Started with Vulnerability Disclosure and Bug Bounty Programs
    Author(s): PASCARIU, Cristian
    Date of Publication: 2022-06-28
    Publication: International Journal of Information Security and Cybercrime
    ISSN: 2285-9225 e-ISSN: 2286-0096
    Digital Object Identifier: 10.19107/IJISC.2022.01.03
    Issue: Volume 11, Issue 1, Year 2022
    Section: Studies and Analysis of Cybercrime Phenomenon
    Page Range: 25-30 (6 pages)


