{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T17:10:07Z","timestamp":1755882607323,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,7,30]],"date-time":"2024-07-30T00:00:00Z","timestamp":1722297600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Ministry of the Interior of the CR","award":["VJ03030052"],"award-info":[{"award-number":["VJ03030052"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,7,30]]},"DOI":"10.1145\/3664476.3670455","type":"proceedings-article","created":{"date-parts":[[2024,7,25]],"date-time":"2024-07-25T12:35:50Z","timestamp":1721910950000},"page":"1-8","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Beyond the Bugs: Enhancing Bug Bounty Programs through Academic Partnerships"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8150-0362","authenticated-orcid":false,"given":"Andrej","family":"Kri\u0161tof\u00edk","sequence":"first","affiliation":[{"name":"CERIT, Faculty of Informatics, and Institute of Law and Technology, Faculty of Law, Masaryk University, Czech Republic"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1669-9931","authenticated-orcid":false,"given":"Jakub","family":"Vostoupal","sequence":"additional","affiliation":[{"name":"CERIT, Faculty of Informatics, and Institute of Law and Technology, Faculty of Law, Masaryk University, Czech Republic"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9009-2193","authenticated-orcid":false,"given":"Kamil","family":"Malinka","sequence":"additional","affiliation":[{"name":"Institute of Computer Science and Faculty of Informatics, Masaryk University, Czech Republic"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6675-9528","authenticated-orcid":false,"given":"Franti\u0161ek","family":"Kasl","sequence":"additional","affiliation":[{"name":"CERIT, Faculty of Informatics, and Institute of Law and Technology, Faculty of Law, Masaryk University, Czech Republic"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4965-1467","authenticated-orcid":false,"given":"Pavel","family":"Loutock\u00fd","sequence":"additional","affiliation":[{"name":"CERIT, Faculty of Informatics, and Institute of Law and Technology, Faculty of Law, Masaryk University, Czech Republic"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,7,30]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2016. Good Practice Guide on Vulnerability Disclosure. From challenges to recommendations. https:\/\/www.enisa.europa.eu\/publications\/vulnerability-disclosure"},{"key":"e_1_3_2_1_2_1","unstructured":"2019. Strategic Programs for Advanced Research and Technology in Europe - SPARTA. https:\/\/cordis.europa.eu\/project\/id\/830892"},{"key":"e_1_3_2_1_3_1","unstructured":"2021. Digital Economy and Society Index 2021: Overall progress in digital transition but need for new EU-wide efforts. https:\/\/ec.europa.eu\/commission\/presscorner\/detail\/en\/ip_21_5481"},{"key":"e_1_3_2_1_4_1","unstructured":"2022. Hack The Army. https:\/\/www.arcyber.army.mil\/Resources\/Fact-Sheets\/Article\/3106335\/hack-the-army\/https%3A%2F%2Fwww.arcyber.army.mil%2FResources%2FFact-Sheets%2FArticle%2F3106335%2Fhack-the-army%2F"},{"key":"e_1_3_2_1_5_1","unstructured":"2022. Threat Landscape 2022. https:\/\/www.enisa.europa.eu\/publications\/enisa-threat-landscape-2022"},{"key":"e_1_3_2_1_6_1","unstructured":"2022. The urgency of tackling Europe\u2019s cybersecurity skills shortage. https:\/\/blogs.microsoft.com\/eupolicy\/2022\/03\/23\/the-urgency-of-tackling-europes-cybersecurity-skills-shortage\/"},{"key":"e_1_3_2_1_7_1","unstructured":"2023. Apple Security Bounty. https:\/\/security.apple.com\/bounty\/"},{"key":"e_1_3_2_1_8_1","unstructured":"2023. Coordinated Vulnerability Disclosure: Towards a Common EU Approach. https:\/\/www.enisa.europa.eu\/news\/coordinated-vulnerability-disclosure-towards-a-common-eu-approach"},{"key":"e_1_3_2_1_9_1","unstructured":"2023. Developing National Vulnerabilities Programmes. https:\/\/www.enisa.europa.eu\/publications\/developing-national-vulnerabilities-programmes"},{"key":"e_1_3_2_1_10_1","unstructured":"2023. HackerOne - About us. https:\/\/www.hackerone.com\/"},{"key":"e_1_3_2_1_11_1","unstructured":"2023. Meta Bug Bounty Information. https:\/\/www.facebook.com\/whitehat\/info"},{"key":"e_1_3_2_1_12_1","unstructured":"2023. Rewards Program. https:\/\/security.samsungmobile.com\/rewardsProgram.smsb"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","unstructured":"Omer Akgul Taha Eghtesad Amit Elazari Omprakash Gnawali Jens Grossklags Michelle\u00a0L. Mazurek Daniel Votipka and Aron Laszka. 2023. Bug Hunters\u2019 Perspectives on the Challenges and Benefits of the Bug Bounty Ecosystem. https:\/\/doi.org\/10.48550\/ARXIV.2301.04781","DOI":"10.48550\/ARXIV.2301.04781"},{"key":"e_1_3_2_1_14_1","first-page":"443","article-title":"Debugging the System: Reforming Vulnerability Disclosure Programs in the Private Sector","volume":"73","author":"Arooni Jasmine","year":"2021","unstructured":"Jasmine Arooni. 2021. Debugging the System: Reforming Vulnerability Disclosure Programs in the Private Sector. Federal Communications Law Journal 73, 3 (2021), 443\u2013466.","journal-title":"Federal Communications Law Journal"},{"key":"e_1_3_2_1_15_1","unstructured":"Cyber Security for Europe. 2020. Addressing the Shortage of Cybersecurity Skills in Europe. https:\/\/cybersec4europe.eu\/addressing-the-shortage-of-cybersecurity-skills-in-europe\/"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1080\/13600834.2022.2132595"},{"volume-title":"Rewired: Cybersecurity Governance, Ryan Ellis and Vivek Mohan (Eds.).","author":"Elazari Amit","key":"e_1_3_2_1_17_1","unstructured":"Amit Elazari. 2019. Private Ordering Shaping Cybersecurity Policy: The Case of Bug Bounties. In Rewired: Cybersecurity Governance, Ryan Ellis and Vivek Mohan (Eds.). Rochester, NY, 231\u2013246."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.4009275"},{"key":"e_1_3_2_1_19_1","unstructured":"Miguel Gonz\u00e1lez-Sancho. 2019. Four EU pilot projects launched to prepare the European Cybersecurity Competence Network. https:\/\/ec.europa.eu\/digital-single-market\/en\/news\/four-eu-pilot-projects-launched-prepare-european-cybersecurity-competence-network 00000."},{"key":"e_1_3_2_1_20_1","unstructured":"Tim Greene. 2004. Training Ethical Hackers: Training the Enemy?https:\/\/defcon.org\/html\/links\/dc_press\/archives\/12\/ebcvg_training_ethical_hackers.htm"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1080\/00224545.2015.1135864"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.58729\/1941-6679.1055"},{"key":"e_1_3_2_1_23_1","volume-title":"Ethical Hacking: Educating Future Cybersecurity Professionals. Information Systems & Computing Academic Professionals: Proceedings of the EDSIG Conference","author":"Hartley Regina","year":"2017","unstructured":"Regina Hartley, Dawn Medlin, and Zach Houlik. 2017. Ethical Hacking: Educating Future Cybersecurity Professionals. Information Systems & Computing Academic Professionals: Proceedings of the EDSIG Conference (2017), 1\u201310."},{"key":"e_1_3_2_1_24_1","volume-title":"Understanding the Heterogeneity of Contributors in Bug Bounty Programs. (Sept","author":"Hata Hideaki","year":"2017","unstructured":"Hideaki Hata, Mingyu Guo, and Muhammad Ali\u00a0Babar. 2017. Understanding the Heterogeneity of Contributors in Bug Bounty Programs. (Sept. 2017)."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/MobServ.2015.34"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-58387-6_8"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.giq.2017.10.006"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3649217.3653633"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2018.2880508"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10683-020-09686-4"},{"key":"e_1_3_2_1_31_1","unstructured":"Jason R.\u00a0C. Nurse Konstantinos Adamos Athanasios Grammatopoulos and Fabio Di\u00a0Franco. 2021. Addressing Skills Shortage and Gap Through Higher Education. https:\/\/www.enisa.europa.eu\/publications\/addressing-skills-shortage-and-gap-through-higher-education"},{"key":"e_1_3_2_1_32_1","article-title":"Bugs for sale: Legal and ethical proprietaries of the market in software vulnerabilities","volume":"28","author":"Oriola A.","year":"2011","unstructured":"Taiwo\u00a0A. Oriola. 2011. Bugs for sale: Legal and ethical proprietaries of the market in software vulnerabilities. John Marshall Journal of Computer & Information Law 28, 4 (2011). https:\/\/repository.law.uic.edu\/jitpl\/vol28\/iss4\/1","journal-title":"John Marshall Journal of Computer & Information Law"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1231047.1231088"},{"key":"e_1_3_2_1_34_1","volume-title":"The Ethics of Hacking: Should It Be Taught?ArXiv (Dec","author":"Radziwill Nicole","year":"2015","unstructured":"Nicole Radziwill, Jessica Romano, Diane Shorter, and Morgan Benton. 2015. The Ethics of Hacking: Should It Be Taught?ArXiv (Dec. 2015)."},{"key":"e_1_3_2_1_35_1","unstructured":"Jacob Riggs. 2021. I hacked the Dutch government and all I got was this t-shirt. https:\/\/jacobriggs.io\/blog\/posts\/i-hacked-the-dutch-government-and-all-i-got-was-this-t-shirt-24.html"},{"key":"e_1_3_2_1_36_1","volume-title":"17th Annual Workshop on the Economics of Information Security, Innsbruck (May 2018","author":"Ruohonen Jukka","year":"2018","unstructured":"Jukka Ruohonen and Luca Allodi. 2018. A Bug Bounty Perspective on the Disclosure of Web Vulnerabilities. 17th Annual Workshop on the Economics of Information Security, Innsbruck (May 2018). http:\/\/arxiv.org\/abs\/1805.09850 arXiv:1805.09850."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1037\/0003-066X.55.1.68"},{"key":"e_1_3_2_1_38_1","first-page":"448","article-title":"Responsible Vulnerability Disclosure under the NIS 2.0 Proposal","volume":"12","author":"Schmitz Sandra","year":"2021","unstructured":"Sandra Schmitz and Stefan Schiffner. 2021. Responsible Vulnerability Disclosure under the NIS 2.0 Proposal. Journal of Intellectual Property, Information Technology and Electronic Commerce Law 12, 5 (2021), 448\u2013457. https:\/\/heinonline.org\/HOL\/P?h=hein.journals\/jipitec12&i=646","journal-title":"Journal of Intellectual Property, Information Technology and Electronic Commerce Law"},{"key":"e_1_3_2_1_39_1","unstructured":"Stephen Shepherd. 2021. How do we define Responsible Disclosure?"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.34190\/iccws.17.1.21"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2047456.2047468"},{"key":"e_1_3_2_1_42_1","unstructured":"Zouheir Trabelsi. 2012. Switch\u2019s CAM table poisoning attack. In Computing Education 2012 - Proceedings of the 14th Australasian Computing Education Conference(Conferences in Research and Practice in Information Technology Series) Michael de\u00a0Raadt and Angela Carbone (Eds.). Australian Computer Society Melbourne Australia 113\u2013120. http:\/\/www.scopus.com\/inward\/record.url?scp=85014905333&partnerID=8YFLogxK Publisher: Australian Computer Society."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2656450.2656462"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2462476.2465580"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.4018\/IJICTE.2016010101"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","unstructured":"Jakub Vostoupal V\u00e1clav Stupka Jakub Hara\u0161ta Franti\u0161ek Kasl Pavel Loutock\u00fd and Kamil Malinka. 2023. The Legal Aspects of Cybersecurity Vulnerability Disclosure: To the Nis 2 and Beyond. https:\/\/doi.org\/10.2139\/ssrn.4640775","DOI":"10.2139\/ssrn.4640775"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/IBF50092.2020.9034828"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102936"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1080\/08941920.2015.1054976"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1023967026413"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.clsr.2017.11.003"}],"event":{"name":"ARES 2024: The 19th International Conference on Availability, Reliability and Security","acronym":"ARES 2024","location":"Vienna Austria"},"container-title":["Proceedings of the 19th International Conference on Availability, Reliability and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664476.3670455","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3664476.3670455","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T16:52:14Z","timestamp":1755881534000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664476.3670455"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,30]]},"references-count":51,"alternative-id":["10.1145\/3664476.3670455","10.1145\/3664476"],"URL":"https:\/\/doi.org\/10.1145\/3664476.3670455","relation":{},"subject":[],"published":{"date-parts":[[2024,7,30]]},"assertion":[{"value":"2024-07-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}