• Title/Summary/Keyword: Bug Bounty

Problems and Solutions of the Korean Bug Bounty Program (한국 버그 바운티 프로그램의 제도적인 문제점과 해결방안)

  • Park, Hye Sung; Kwon, Hun Yeong
    • Journal of Information Technology Services, v.18 no.5, pp.53-70, 2019
  • As information security grows in importance with the gradual emergence of the fourth industrial revolution, an efficient and effective way to find vulnerabilities in information systems is becoming an essential requirement of information security. To protect both current information and future industry, the Korean government has paid attention to the bug bounty, which has been recognized for its efficiency and effectiveness, and has implemented it through the Korea Internet Security Agency's S/W vulnerability bug bounty program. However, problems with this program, which has been operating for about 7 years, are growing. The purpose of this study is to identify the problems in Korean bug bounty policies through the characteristics of the bug bounty program, and to suggest directions for government policy to activate the bug bounty, such as changing the government's approach to utilize the market.

An Analysis on Employing Developer Profit Incentive to Expedite Open Source Software Development

  • Sohn, Jung-woo; Ko, Yohan; Yun, Younguk
    • Journal of the Korea Society of Computer and Information, v.27 no.11, pp.257-270, 2022
  • This paper analyzes the effect of profit incentives within the setting of bounty open source projects. A simple decision-making model based on classical utility maximization is presented for open source developers that includes income effects from the bounty prize. We then simulate the decisions of multiple developers to assess the effect of the bounty prize. Our result shows that learning costs can greatly reduce the software quality improvement benefit from a bounty project. It also suggests that open source projects can benefit more when they have multiple small bounty projects than a single large bounty project, since this reduces the learning cost and the opportunity cost for the open source developers.