Bug-Bounty, ¿el futuro del Pentesting? [Bug Bounty: the future of pentesting?] DOI Creative Commons
Jaime Andrés Restrepo-Gómez, Luis Carlos Correa Ortiz

Ciencia e Ingeniería Neogranadina, Journal Year: 2024, Volume and Issue: 34(1), P. 11 - 22

Published: June 30, 2024

This study analyzes the armoring (shielding) process observed in the La Miel River (Colombia), an important regulated tropical river whose hydrological, hydraulic and sedimentological regimes have been heavily modified. To confirm the hypothesis, three different approaches are used: 1) qualitative verification carried out during a field survey; 2) quantitative verification using the criterion defined by Little and Meyer for the geometric standard deviation of the bed grain-size distribution (determined with the Basegrain software); and 3) analysis of the suspended and bed sediment load records from the hydrosedimentological monitoring stations. The results indicate that the La Miel River is indeed armored, according to the field evidence and the marked decrease in bed load; in addition, on the one hand, the armoring is found to have occurred on shorter time scales than those reported in the literature for extratropical rivers, owing to the excess transport capacity produced by the systematic increase in minimum flows following regulation and the Guarinó and Manso diversions. On the other hand, we can indicate that there is indeed a flow threshold (234 m3/s) that must be exceeded for the armor layer to break and bed load to be recorded.

Citations

0

A Survey of Bug Bounty Programs in Strengthening Cybersecurity and Privacy in the Blockchain Industry DOI Open Access
Junaid Arshad, Muhammad Talha, Bilal Saleem et al.

Blockchains, Journal Year: 2024, Volume and Issue: 2(3), P. 195 - 216

Published: July 8, 2024

The increasing reliance on computer networks and blockchain technology has led to a growing concern for cybersecurity and privacy. The emergence of zero-day vulnerabilities and unexpected exploits has highlighted the need for innovative solutions to combat these threats. Bug bounty programs have gained popularity as a cost-effective way to crowdsource the task of identifying vulnerabilities, providing a secure and efficient means of enhancing cybersecurity. This paper provides a comprehensive survey of various free and paid bug bounty programs in the blockchain industry, evaluating their effectiveness, impact, and credibility. The study explores the structure, incentives, and nature of the vulnerabilities uncovered by these programs, as well as their unique value proposition. A comparative analysis is conducted to identify advantages and disadvantages, highlighting the strengths and weaknesses of each program. The paper also examines the role of ethical hackers and their contributions to strengthening cybersecurity. Finally, the paper concludes with recommendations for addressing the challenges faced and suggests potential future directions to enhance the impact on security.

Language: English

Citations

3

Large-scale agile security practices in software engineering DOI

Cláudia Ascenção, Henrique Teixeira, João Gonçalves et al.

Information and Computer Security, Journal Year: 2024, Volume and Issue: unknown

Published: Sept. 9, 2024

Purpose: Security in large-scale agile is a crucial aspect that should be carefully addressed to ensure the protection of sensitive data, systems and user privacy. This study aims to identify and characterize the security practices that can be applied in managing large-scale agile projects.

Design/methodology/approach: A qualitative study was carried out through 18 interviews with 6 software development companies based in Portugal. Professionals who play the roles of Product Owner, Scrum Master and Member were interviewed. A thematic analysis was carried out to identify deductive and inductive practices.

Findings: The findings identified a total of 15 practices, of which 8 are deductive themes and 7 are inductive. The most common practices include penetration testing, data management, automated threat modeling and the implementation of a DevSecOps approach.

Originality/value: The results of this study extend the knowledge about security practices in large-scale agile and offer relevant practical contributions for organizations migrating to large-scale agile environments. By incorporating security practices at every stage of the lifecycle and fostering a security-conscious culture, organizations can effectively address challenges

Language: English

Citations

1

The impact of regulatory mechanisms on vulnerability disclosure behavior during crowdsourcing cybersecurity testing DOI Creative Commons
Liurong Zhao, Xiaoxi Yu, Xinyu Zhou et al.

Mathematical Biosciences & Engineering, Journal Year: 2023, Volume and Issue: 20(11), P. 19012 - 19039

Published: Jan. 1, 2023

There are various regulatory mechanisms to coordinate vulnerability disclosure behaviors during crowdsourcing cybersecurity testing. However, in the case of unclear effectiveness, enterprises cannot obtain sufficient information, third-party testing platforms fail to provide trusted services, and the government lacks strong credibility. We have constructed a tripartite evolutionary game model to analyze the process of the equilibrium {legal disclosure, active operation, strict regulation}, and the paper reveals the impact of three mechanisms. We find that these participants' positive stable state. Higher initial willingness accelerates the speed of reaching the stability of the system, and this is satisfied only if the governmental benefits are sufficiently high. Regarding punishment mechanism, increased for causes them adopt faster, while opposite occurs platforms; drives both participants faster. Concerning subsidy legal remain unresponsive; motivates players choose their own behaviors. In terms of the collaborative mechanism, excessive costs reduce platforms' willingness to operate actively, which decreases enterprises' incentives to disclose legally. These findings guide the government to establish suitable mechanisms to regulate behavior and promote the healthy development of the industry.

Language: English

Citations

1
