{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T02:55:16Z","timestamp":1771901716462,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":25,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,8,26]],"date-time":"2019-08-26T00:00:00Z","timestamp":1566777600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,8,26]]},"DOI":"10.1145\/3339252.3341495","type":"proceedings-article","created":{"date-parts":[[2019,8,9]],"date-time":"2019-08-09T12:21:03Z","timestamp":1565353263000},"page":"1-10","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":12,"title":["Productivity and Patterns of Activity in Bug Bounty Programs"],"prefix":"10.1145","author":[{"given":"Donatello","family":"Luna","sequence":"first","affiliation":[{"name":"Tribunale di Busto Arsizio, Busto Arsizio, Varese, Italy"}]},{"given":"Luca","family":"Allodi","sequence":"additional","affiliation":[{"name":"Eindhoven University of Technology, Eindhoven, Netherlands"}]},{"given":"Marco","family":"Cremonini","sequence":"additional","affiliation":[{"name":"University of Milan, Milan, Italy"}]}],"member":"320","published-online":{"date-parts":[[2019,8,26]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.5555\/3154161"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3085228.3085233"},{"key":"e_1_3_2_1_3_1","unstructured":"European Commission DIGIT. 2019. European Commission raises bounty awards to challenge developers. https:\/\/joinup.ec.europa.eu\/collection\/eu-fossa-2\/news\/ready-challenge  European Commission DIGIT. 2019. European Commission raises bounty awards to challenge developers. https:\/\/joinup.ec.europa.eu\/collection\/eu-fossa-2\/news\/ready-challenge"},{"key":"e_1_3_2_1_4_1","unstructured":"Eduardo Vela Nava. 2017. Vulnerability Rewards Program: 2016 Year in Review. https:\/\/security.googleblog.com\/2017\/01\/vulnerability-rewards-program-2016-year.html  Eduardo Vela Nava. 2017. Vulnerability Rewards Program: 2016 Year in Review. https:\/\/security.googleblog.com\/2017\/01\/vulnerability-rewards-program-2016-year.html"},{"key":"e_1_3_2_1_5_1","unstructured":"Chris Evans Eric Grosse Neel Mehta Matt Moore Tavis Ormandy Julien Tinnes and Michal Zalewski. 2010. Rebooting Responsible Disclosure: a focus on protecting end users. https:\/\/security.googleblog.com\/2010\/07\/rebooting-responsible-disclosure-focus.html  Chris Evans Eric Grosse Neel Mehta Matt Moore Tavis Ormandy Julien Tinnes and Michal Zalewski. 2010. Rebooting Responsible Disclosure: a focus on protecting end users. https:\/\/security.googleblog.com\/2010\/07\/rebooting-responsible-disclosure-focus.html"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/2534766.2534790"},{"key":"e_1_3_2_1_7_1","unstructured":"Google Inc. 2017. Google Security Reward Programs. https:\/\/www.google.com\/about\/appsecurity\/  Google Inc. 2017. Google Security Reward Programs. https:\/\/www.google.com\/about\/appsecurity\/"},{"key":"e_1_3_2_1_8_1","unstructured":"Google Inc. 2017. Google Vulnerabilities Research. https:\/\/www.google.com\/about\/appsecurity\/research\/  Google Inc. 2017. Google Vulnerabilities Research. https:\/\/www.google.com\/about\/appsecurity\/research\/"},{"key":"e_1_3_2_1_9_1","unstructured":"HackerOne Inc. 2016. 2016 Bug Bounty Hacker Report - Who are these bug bounty hackers? https:\/\/www.hackerone.com\/resources\/2016-bug-bounty-hacker-report  HackerOne Inc. 2016. 2016 Bug Bounty Hacker Report - Who are these bug bounty hackers? https:\/\/www.hackerone.com\/resources\/2016-bug-bounty-hacker-report"},{"key":"e_1_3_2_1_10_1","unstructured":"HackerOne Inc. 2017. Bug Bounty Vulnerability Coordination. https:\/\/www.hackerone.com  HackerOne Inc. 2017. Bug Bounty Vulnerability Coordination. https:\/\/www.hackerone.com"},{"key":"e_1_3_2_1_11_1","unstructured":"HackerOne Inc. 2017. Hacker Activity. https:\/\/www.hackerone.com\/hacktivity  HackerOne Inc. 2017. Hacker Activity. https:\/\/www.hackerone.com\/hacktivity"},{"key":"e_1_3_2_1_12_1","volume-title":"The hacker-powered security report","author":"HackerOne Inc. 2017.","year":"2017","unstructured":"HackerOne Inc. 2017. The hacker-powered security report 2017 . https:\/\/www.hackerone.com\/resources\/hacker-powered-security-report HackerOne Inc. 2017. The hacker-powered security report 2017. https:\/\/www.hackerone.com\/resources\/hacker-powered-security-report"},{"key":"e_1_3_2_1_13_1","unstructured":"HackerOne Inc. 2018. Sergey Markov (sergeym) - Hacker Activity. https:\/\/www.hackerone.com\/sergeym  HackerOne Inc. 2018. Sergey Markov (sergeym) - Hacker Activity. https:\/\/www.hackerone.com\/sergeym"},{"key":"e_1_3_2_1_14_1","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","volume":"2","author":"Huang Keman","year":"2016","unstructured":"Keman Huang , Michael Siegel , Stuart Madnick , Xiaohong Li , and Zhiyong Feng . 2016 . Diversity or concentration? Hackers\u00e2\u0102Ź strategy for working across multiple bug bounty programs . In Proceedings of the IEEE Symposium on Security and Privacy , Vol. 2 . Keman Huang, Michael Siegel, Stuart Madnick, Xiaohong Li, and Zhiyong Feng. 2016. Diversity or concentration? Hackers\u00e2\u0102Ź strategy for working across multiple bug bounty programs. In Proceedings of the IEEE Symposium on Security and Privacy, Vol. 2."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3199674"},{"key":"e_1_3_2_1_16_1","volume-title":"Kendrick and Marvin Frankel","author":"John","year":"2018","unstructured":"John W. Kendrick and Marvin Frankel . 2018 . Productivity (Economics). Encyclopaedia Britannica ( 2018). https:\/\/www.britannica.com\/topic\/productivity John W. Kendrick and Marvin Frankel. 2018. Productivity (Economics). Encyclopaedia Britannica (2018). https:\/\/www.britannica.com\/topic\/productivity"},{"key":"e_1_3_2_1_17_1","unstructured":"Microsoft Corporation. 2017. Security Tech Center - Microsoft Bug Bounty Programs. https:\/\/technet.microsoft.com\/en-us\/security\/dn425036  Microsoft Corporation. 2017. Security Tech Center - Microsoft Bug Bounty Programs. https:\/\/technet.microsoft.com\/en-us\/security\/dn425036"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.2307\/2230745"},{"key":"e_1_3_2_1_19_1","volume-title":"A bug bounty perspective on the disclosure of web vulnerabilities. arXiv preprint arXiv:1805.09850","author":"Ruohonen Jukka","year":"2018","unstructured":"Jukka Ruohonen and Luca Allodi . 2018. A bug bounty perspective on the disclosure of web vulnerabilities. arXiv preprint arXiv:1805.09850 ( 2018 ). Jukka Ruohonen and Luca Allodi. 2018. A bug bounty perspective on the disclosure of web vulnerabilities. arXiv preprint arXiv:1805.09850 (2018)."},{"key":"e_1_3_2_1_20_1","volume-title":"Security techniques, Vulnerability disclosure. ISO\/IEC 29147:2014(E)","author":"The International Organization for Standardization. 2014.","year":"2014","unstructured":"The International Organization for Standardization. 2014. Information technology , Security techniques, Vulnerability disclosure. ISO\/IEC 29147:2014(E) ( 2014 ). https:\/\/www.iso.org\/standard\/45170.html The International Organization for Standardization. 2014. Information technology, Security techniques, Vulnerability disclosure. ISO\/IEC 29147:2014(E) (2014). https:\/\/www.iso.org\/standard\/45170.html"},{"key":"e_1_3_2_1_21_1","unstructured":"The President of the United States. 2017. Vulnerabilities Equities Policy and Process for the United States Government. https:\/\/www.whitehouse.gov\/sites\/whitehouse.gov\/files\/images\/External%20-%20Unclassified%20VEP%20Charter%20FINAL.PDF  The President of the United States. 2017. Vulnerabilities Equities Policy and Process for the United States Government. https:\/\/www.whitehouse.gov\/sites\/whitehouse.gov\/files\/images\/External%20-%20Unclassified%20VEP%20Charter%20FINAL.PDF"},{"key":"e_1_3_2_1_22_1","volume-title":"Department of Justice (DoJ) Criminal Division Cybersecurity Unit","author":"The","year":"2017","unstructured":"The U.S. Department of Justice (DoJ) Criminal Division Cybersecurity Unit . 2017 . A Framework for a Vulnerability Disclosure Program for Online Systems . https:\/\/www.justice.gov\/criminal-ccips\/page\/file\/983996\/download The U.S. Department of Justice (DoJ) Criminal Division Cybersecurity Unit. 2017. A Framework for a Vulnerability Disclosure Program for Online Systems. https:\/\/www.justice.gov\/criminal-ccips\/page\/file\/983996\/download"},{"key":"e_1_3_2_1_23_1","unstructured":"VentureBeat. 2014. How Bugcrowd uses crowdsourcing to uncover security flaws faster than the bad guys do (interview). https:\/\/venturebeat.com\/2014\/08\/18\/how-bugcrowd-uses-crowdsourcing-to-uncover-security-flaws-faster-than-the-bad-guys-do-interview\/  VentureBeat. 2014. How Bugcrowd uses crowdsourcing to uncover security flaws faster than the bad guys do (interview). https:\/\/venturebeat.com\/2014\/08\/18\/how-bugcrowd-uses-crowdsourcing-to-uncover-security-flaws-faster-than-the-bad-guys-do-interview\/"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813704"},{"key":"e_1_3_2_1_25_1","volume-title":"The HCOMP Workshop on Mathematical Foundations of Human Computation","author":"Zhao Mingyi","year":"2016","unstructured":"Mingyi Zhao , Aron Laszka , Thomas Maillart , and Jens Grossklags . 2016 . Crowdsourced security vulnerability discovery: Modeling and organizing bug-bounty programs . In The HCOMP Workshop on Mathematical Foundations of Human Computation , Austin, TX, USA. Mingyi Zhao, Aron Laszka, Thomas Maillart, and Jens Grossklags. 2016. Crowdsourced security vulnerability discovery: Modeling and organizing bug-bounty programs. In The HCOMP Workshop on Mathematical Foundations of Human Computation, Austin, TX, USA."}],"event":{"name":"ARES '19: 14th International Conference on Availability, Reliability and Security","location":"Canterbury CA United Kingdom","acronym":"ARES '19"},"container-title":["Proceedings of the 14th International Conference on Availability, Reliability and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3339252.3341495","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3339252.3341495","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:54:29Z","timestamp":1750204469000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3339252.3341495"}},"subtitle":["Analysis of HackerOne and Google Vulnerability Research"],"short-title":[],"issued":{"date-parts":[[2019,8,26]]},"references-count":25,"alternative-id":["10.1145\/3339252.3341495","10.1145\/3339252"],"URL":"https:\/\/doi.org\/10.1145\/3339252.3341495","relation":{},"subject":[],"published":{"date-parts":[[2019,8,26]]},"assertion":[{"value":"2019-08-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}