Core Concept
Artificial bugs can enhance bug bounty programs by increasing incentives for bug hunters, reducing costs, and improving program effectiveness.
Abstract
The content discusses the concept of augmenting bug bounty programs with artificial bugs to incentivize participants. It explores the efficiency gains, benefits, and implementation strategies of artificial bugs in crowdsearch models. The paper outlines a model for private and public bug bounty programs, analyzing equilibrium behavior, optimal prizes, and the usefulness of artificial bugs. Additional insights include screening invalid submissions, gauging participation levels, and renewing interest in bug bounty programs.
Introduction
Bug bounty programs as tools for vulnerability detection.
Importance of external agents in software security.
Model
Analyzing organic and artificial bugs in a system.
Designer's budget constraints and prize optimization.
Private Program
Equilibrium characterization of agents' search decisions.
Optimal prizes and number of artificial bugs.
Public Program
Asymptotic analysis as the number of agents tends to infinity.
Convergence of solutions from private to public programs.
Implementation
Encryption, commitment schemes, and zero-knowledge proofs for proving existence of artificial bugs.
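An added example, not taken from the paper: a minimal salted-hash commitment showing how a designer could bind to an artificial bug's description before the program starts and open it once the bug is reported. The SHA-256 construction, the function names and the sample description are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 32  # fixed length, so the nonce/description boundary cannot be shifted


def commit(description: str) -> tuple:
    """Designer side: return (public_commitment_hex, secret_nonce).

    The random nonce keeps the commitment hiding: without it, hunters could
    hash guessed descriptions and compare them against the published value.
    """
    nonce = secrets.token_bytes(NONCE_LEN)
    digest = hashlib.sha256(nonce + description.encode("utf-8")).hexdigest()
    return digest, nonce


def verify(commitment_hex: str, nonce: bytes, description: str) -> bool:
    """Hunter side: check an opening against the published commitment."""
    if len(nonce) != NONCE_LEN:
        # A longer "nonce" could absorb the first bytes of the description and
        # open the same digest to a different text, which would break binding.
        return False
    digest = hashlib.sha256(nonce + description.encode("utf-8")).hexdigest()
    return hmac.compare_digest(digest, commitment_hex)


if __name__ == "__main__":
    # Constructed sample description of an artificial bug (hypothetical).
    bug = "artificial bug #1: missing length check in parse_header(), build 2024-01"

    published, secret_nonce = commit(bug)          # published at program start
    print("commitment:", published)

    # After a hunter reports the bug, the designer reveals (nonce, description).
    print("honest opening accepted:", verify(published, secret_nonce, bug))

    # The designer cannot later claim that a different bug had been planted.
    print("altered opening accepted:",
          verify(published, secret_nonce, bug.replace("#1", "#2")))
```

A commitment of this kind only shows that the description was fixed in advance; showing that the committed bug actually exists in the shipped code before it is found is the role the outline assigns to zero-knowledge proofs.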
Other Benefits
Screening invalid submissions with artificial bugs.
Gauging participation levels using artificial bugs.
Renewing interest in bug bounty programs through artificial bugs.
Statistics
"We show that it is sufficient to insert one artificial bug."
"Inserting an artificial bug is beneficial if the designer has high valuations for finding organic bugs."
Quotes
"We suggest augmenting such programs by inserting artificial bugs."
"Artificial bugs are particularly beneficial if the designer places high valuations on finding organic bugs."