Proposal of a Novel Bug Bounty Implementation Using Gamification
arXiv - CS - Human-Computer Interaction. Pub Date: 2020-09-21, DOI: arxiv-2009.10158. Jamie O'Hare and Lynsay A. Shepherd
Despite significant popularity, the bug bounty process has remained broadly
unchanged since its inception, with limited implementation of gamification
aspects. Existing literature recognises that current methods generate intensive
resource demands, and can encounter issues impacting program effectiveness.
This paper proposes a novel bug bounty process aiming to alleviate resource
demands and mitigate inherent issues. Through the additional crowdsourcing of
report verification where fellow hackers perform vulnerability verification and
reproduction, the client organisation can reduce overheads at the cost of
rewarding more participants. The incorporation of gamification elements
provides a substitute for monetary rewards, as well as presenting possible
mitigation of bug bounty program effectiveness issues. Collectively, traits of
the proposed process appear appropriate for resource and budget-constrained
organisations - such as Higher Education institutions.
Updated: 2020-09-23