{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T16:33:24Z","timestamp":1774370004216,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":35,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,4,30]],"date-time":"2023-04-30T00:00:00Z","timestamp":1682812800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1850510"],"award-info":[{"award-number":["CNS-1850510"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,4,30]]},"DOI":"10.1145\/3543507.3583352","type":"proceedings-article","created":{"date-parts":[[2023,4,26]],"date-time":"2023-04-26T23:30:51Z","timestamp":1682551851000},"page":"2209-2219","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["The Benefits of Vulnerability Discovery and Bug Bounty Programs: Case Studies of Chromium and Firefox"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7734-662X","authenticated-orcid":false,"given":"Soodeh","family":"Atefi","sequence":"first","affiliation":[{"name":"University of Houston, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4295-529X","authenticated-orcid":false,"given":"Amutheezan","family":"Sivagnanam","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0680-1522","authenticated-orcid":false,"given":"Afiya","family":"Ayman","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1093-1282","authenticated-orcid":false,"given":"Jens","family":"Grossklags","sequence":"additional","affiliation":[{"name":"Technical University of Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7400-2357","authenticated-orcid":false,"given":"Aron","family":"Laszka","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,4,30]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.2301.04781"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3475716.3475783"},{"key":"e_1_3_2_2_3_1","volume-title":"16th USENIX Conference on Usable Privacy and Security (SOUPS). 319\u2013339","author":"Alomar Noura","year":"2020","unstructured":"Noura Alomar, Primal Wijesekera, Edward Qiu, and Serge Egelman. 2020. \u201cYou\u2019ve got your nice list of bugs, now what?\u201d Vulnerability discovery and management processes in the wild. In 16th USENIX Conference on Usable Privacy and Security (SOUPS). 319\u2013339. https:\/\/www.usenix.org\/conference\/soups2020\/presentation\/alomar"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.6084\/m9.figshare.22056617"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660320"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102817"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3357767.3357774"},{"key":"e_1_3_2_2_10_1","volume-title":"Rewired: Cybersecurity Governance","author":"Elazari Amit","unstructured":"Amit Elazari. 2019. Private ordering shaping cybersecurity policy: The case of bug bounties. In Rewired: Cybersecurity Governance, Ryan Ellis and Vivek Mohan (Eds.). Wiley. https:\/\/ssrn.com\/abstract=3161758"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-022-10179-6"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","unstructured":"Sadegh Farhang Mehmet\u00a0Bahadir Kirdan Aron Laszka and Jens Grossklags. 2019. Hey Google what exactly do your security patches tell us? A large-scale empirical study on Android patched vulnerabilities. 2019 Workshop on the Economics of Information Security (WEIS) 24\u00a0pages. https:\/\/doi.org\/10.48550\/arXiv.1905.09352","DOI":"10.48550\/arXiv.1905.09352"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3366423.3380078"},{"key":"e_1_3_2_2_14_1","volume-title":"22nd USENIX Security Symposium (USENIX Security). 273\u2013288","author":"Finifter Matthew","year":"2013","unstructured":"Matthew Finifter, Devdatta Akhawe, and David Wagner. 2013. An empirical study of vulnerability rewards programs. In 22nd USENIX Security Symposium (USENIX Security). 273\u2013288. https:\/\/www.usenix.org\/conference\/usenixsecurity13\/technical-sessions\/presentation\/finifter"},{"key":"e_1_3_2_2_15_1","volume-title":"2023 IEEE Symposium on Security and Privacy (S&P). 289\u2013306","author":"Fulton R.","year":"2022","unstructured":"Kelsey\u00a0R. Fulton, Samantha Katcher, Kevin Song, Marshini Chetty, Michelle\u00a0L. Mazurek, Daniel Votipka, and Chlo\u00e9 Messdaghi. 2022. Vulnerability discovery for all: Experiences of marginalization in vulnerability discovery. In 2023 IEEE Symposium on Security and Privacy (S&P). 289\u2013306. https:\/\/doi.ieeecomputersociety.org\/10.1109\/SP46215.2023.00017"},{"key":"e_1_3_2_2_16_1","volume-title":"For good measure: The undiscovered. ;login: 40, 2","author":"Geer Dan","year":"2015","unstructured":"Dan Geer. 2015. For good measure: The undiscovered. ;login: 40, 2 (2015), 50\u201352. https:\/\/www.usenix.org\/publications\/login\/apr15\/geer"},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","unstructured":"Trey Herr Bruce Schneier and Christopher Morris. 2017. Taking stock: Estimating vulnerability rediscovery. White Paper. Belfer Cyber Security Project. https:\/\/doi.org\/10.2139\/ssrn.2928758","DOI":"10.2139\/ssrn.2928758"},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2022.3140868"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.2418812"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45741-3_9"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-58387-6_8"},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3339252.3341495"},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1093\/cybsec"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2018.2880508"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2014.2354037"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.180"},{"key":"e_1_3_2_2_27_1","unstructured":"Katie Moussouris and Michael Siegel. 2015. The wolves of Vuln Street: The 1st dynamic systems model of the 0day market. In Retrieved from RSA Conference USA. https:\/\/cams.mit.edu\/wp-content\/uploads\/2017\/12\/The-Wolves-of-Vuln-Street-The-1st-System-Dynamics-Model-of-the-0day-Market.pdf"},{"key":"e_1_3_2_2_28_1","volume-title":"The Likelihood of Vulnerability Rediscovery and the Social Utility of Vulnerability Hunting. In 4th Workshop on the Economics of Information Security (WEIS). http:\/\/infosecon.net\/workshop\/pdf\/10","author":"Ozment Andy","year":"2005","unstructured":"Andy Ozment. 2005. The Likelihood of Vulnerability Rediscovery and the Social Utility of Vulnerability Hunting. In 4th Workshop on the Economics of Information Security (WEIS). http:\/\/infosecon.net\/workshop\/pdf\/10.pdf"},{"key":"e_1_3_2_2_29_1","volume-title":"15th USENIX Security Symposium (USENIX Security). 93\u2013104","author":"Ozment Andy","year":"2006","unstructured":"Andy Ozment and Stuart Schechter. 2006. Milk or wine: Does software security improve with age?. In 15th USENIX Security Symposium (USENIX Security). 93\u2013104. https:\/\/www.usenix.org\/conference\/15th-usenix-security-symposium\/milk-or-wine-does-software-security-improve-age"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.17"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3538704"},{"key":"e_1_3_2_2_32_1","unstructured":"Bruce Schneier. 2014. Should U.S. hackers fix cybersecurity holes or exploit them?The Atlantic Available online at https:\/\/www.theatlantic.com\/technology\/archive\/2014\/05\/should-hackers-fix-cybersecurity-holes-or-exploit-them\/371197\/."},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00003"},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/IBF50092.2020.9034828"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102936"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813704"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.5325\/jinfopoli.7.2017.0372"}],"event":{"name":"WWW '23: The ACM Web Conference 2023","location":"Austin TX USA","acronym":"WWW '23","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"]},"container-title":["Proceedings of the ACM Web Conference 2023"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3543507.3583352","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/abs\/10.1145\/3543507.3583352","content-type":"text\/html","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3543507.3583352","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3543507.3583352","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:37:23Z","timestamp":1750178243000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3543507.3583352"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,4,30]]},"references-count":35,"alternative-id":["10.1145\/3543507.3583352","10.1145\/3543507"],"URL":"https:\/\/doi.org\/10.1145\/3543507.3583352","relation":{},"subject":[],"published":{"date-parts":[[2023,4,30]]},"assertion":[{"value":"2023-04-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}