
Bug Bounty

A bug bounty program financially compensates researchers for reporting vulnerabilities to the vendor of the affected software.

6 papers and 4 talks


Bug bounties have proven themselves an effective mechanism to improve vulnerability discovery, while also reducing the availability of zero-day vulnerabilities and exploits to malicious cyber actors.

My research proposes and validates a model for a broader-scope bug bounty program (Bug Bounty of Last Resort) by assessing the cost of a massive vulnerability purchase program that follows a coordinated disclosure process, and comparing this cost to cybercrime losses.