{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T21:14:08Z","timestamp":1743110048716,"version":"3.40.3"},"publisher-location":"Cham","reference-count":14,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783031418198"},{"type":"electronic","value":"9783031418204"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-41820-4_14","type":"book-chapter","created":{"date-parts":[[2024,2,6]],"date-time":"2024-02-06T12:02:36Z","timestamp":1707220956000},"page":"235-250","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Bug Bounties: Ethical and Legal Aspects"],"prefix":"10.1007","author":[{"given":"Jo\u00e3o Paulo","family":"Magalh\u00e3es","sequence":"first","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,2,7]]},"reference":[{"key":"14_CR1","unstructured":"Bannister A (2020) Bug bounty earnings soar, but 63% with held security flaws study. Online, https:\/\/portswigger.net\/daily-swig\/bug-bounty-earnings-soar-but-63-of-ethical-hackers-have-withheld-security-flaws-study"},{"key":"14_CR2","doi-asserted-by":"publisher","first-page":"298","DOI":"10.1007\/11766155_21","volume-title":"Emerging trends in information and communication security, international conference, ETRICS 2006, Freiburg, Germany, June 6\u20139, 2006. Proceedings, Lecture Notes in Computer Science","author":"R B\u00f6hme","year":"2006","unstructured":"B\u00f6hme R (2006) A comparison of market approaches to software vulnerability disclosure. In: M\u00fcller G (ed) Emerging trends in information and communication security, international conference, ETRICS 2006, Freiburg, Germany, June 6\u20139, 2006. Proceedings, Lecture Notes in Computer Science, vol 3995. Springer, pp 298\u2013311. https:\/\/doi.org\/10.1007\/11766155_21"},{"key":"14_CR3","unstructured":"Culafi A (2021) Burned by apple, researchers mull selling zero days to brokers. Online, https:\/\/searchsecurity.techtarget.com\/news\/252508220\/Burned-by-Apple-researchers-mull-selling-zero-days-to-brokers"},{"key":"14_CR4","first-page":"223","volume-title":"2017 ACM\/IEEE international symposium on empirical software engineering and measurement (ESEM)","author":"H Hata","year":"2017","unstructured":"Hata H, Guo M, Babar MA (2017) Understanding the heterogeneity of contributors in bug bounty programs. In: 2017 ACM\/IEEE international symposium on empirical software engineering and measurement (ESEM). IEEE, pp 223\u2013228"},{"key":"14_CR5","first-page":"138","volume-title":"Financial cryptography and data security","author":"A Laszka","year":"2018","unstructured":"Laszka A, Zhao M, Malbari A, Grossklags J (2018) The rules of engagement for bug bounty programs. In: Meiklejohn S, Sako K (eds) Financial cryptography and data security. Springer, Berlin, pp 138\u2013159"},{"key":"14_CR6","unstructured":"Lin MS (2016) Are China\u2019s \u2018ethical hackers\u2019 cyber heroes or criminals? Online, http:\/\/english.caixin.com\/2016\u201310-17\/100997728.html"},{"issue":"01","key":"14_CR7","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1109\/MS.2018.2880508","volume":"37","author":"SS Malladi","year":"2020","unstructured":"Malladi SS, Subramanian HC (2020) Bug bounty programs for cybersecurity: practices, issues, and recommendations. IEEE Softw 37(01):31\u201339. https:\/\/doi.org\/10.1109\/MS.2018.2880508","journal-title":"IEEE Softw"},{"key":"14_CR8","unstructured":"Salter J (2021) Three iOS 0-days revealed by researcher frustrated with apple\u2019s bug bounty. Online, https:\/\/arstechnica.com\/information-technology\/2021\/09\/three-ios-0-days-revealed-by-researcher-frustrated-with-apples-bug-bounty\/"},{"key":"14_CR9","doi-asserted-by":"publisher","DOI":"10.1145\/3475716.3484193","volume-title":"Proceedings of the 15th ACM\/IEEE international symposium on empirical software engineering and measurement (ESEM), ESEM \u201821","author":"S Shafigh","year":"2021","unstructured":"Shafigh S, Benatallah B, Rodr\u00edguez C, Al-Banna M (2021) Why some bug-bounty vulnerability reports are invalid? study of bug-bounty reports and developing an out-of-scope taxonomy model. In: Proceedings of the 15th ACM\/IEEE international symposium on empirical software engineering and measurement (ESEM), ESEM \u201821. Association for Computing Machinery, New York. https:\/\/doi.org\/10.1145\/3475716.3484193"},{"key":"14_CR10","volume-title":"Workshop on the Economics of Information Security (WEIS)","author":"A Sivagnanam","year":"2021","unstructured":"Sivagnanam A, Atefi S, Ayman A, Grossklags J, Laszka A (2021) On the benefits of bug bounty programs: a study of chromium vulnerabilities. In: Workshop on the Economics of Information Security (WEIS)"},{"issue":"1","key":"14_CR11","doi-asserted-by":"publisher","first-page":"tyab007","DOI":"10.1093\/cybsec\/tyab007","volume":"7","author":"K Sridhar","year":"2021","unstructured":"Sridhar K, Ng M (2021) Hacking for good: Leveraging HackerOne data to develop an economic model of Bug Bounties. J Cybersecur 7(1):tyab007. https:\/\/doi.org\/10.1093\/cybsec\/tyab007","journal-title":"J Cybersecur"},{"key":"14_CR12","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1109\/IBF50092.2020.9034828","volume-title":"2020 IEEE 2nd international workshop on intelligent bug fixing (IBF)","author":"T Walshe","year":"2020","unstructured":"Walshe T, Simpson A (2020) An empirical study of bug bounty programs. In: 2020 IEEE 2nd international workshop on intelligent bug fixing (IBF), pp 35\u201344. https:\/\/doi.org\/10.1109\/IBF50092.2020.9034828"},{"key":"14_CR13","unstructured":"WSJ (2016) China\u2019s \u2018white-hat\u2019 hackers fear dark times after community founde ris detained. Wall Street J. https:\/\/www.wsj.com\/articles\/BL-CJB-29440"},{"key":"14_CR14","first-page":"372","volume":"7","author":"M Zhao","year":"2017","unstructured":"Zhao M, Laszka A, Grossklags J (2017) Devising effective policies for bug-bounty platforms and security vulnerability discovery. J Inf Policy 7:372\u2013418. http:\/\/www.jstor.org\/stable\/10.5325\/jinfopoli.7.2017.0372","journal-title":"J Inf Policy"}],"container-title":["Law, Governance and Technology Series","Legal Developments on Cybersecurity and Related Fields"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-41820-4_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,2,6]],"date-time":"2024-02-06T12:06:59Z","timestamp":1707221219000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-41820-4_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031418198","9783031418204"],"references-count":14,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-41820-4_14","relation":{},"ISSN":["2352-1902","2352-1910"],"issn-type":[{"type":"print","value":"2352-1902"},{"type":"electronic","value":"2352-1910"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"7 February 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}