Bug Bounty Hunting: A Case Study of Successful Vulnerability Discovery and Disclosure

Isma  Elan Maulani; Riska Anggraeni

doi:10.59188/devotion.v4i6.486

Bug Bounty Hunting: A Case Study of Successful Vulnerability Discovery and Disclosure

Authors

Isma Elan Maulani Universitas Muhammadiyah Cirebon
Riska Anggraeni SMK SBS Kuningan

DOI:

https://doi.org/10.59188/devotion.v4i6.486

Keywords:

bug bounty hunting; vulnerability device software; security researcher; security company; effectiveness; benefits; challenges

Abstract

This research is a case study on bug bounty hunting as a successful approach to finding and uncovering vulnerabilities in software. The purpose of this study is to understand the effectiveness of bug bounty hunting and its benefits in improving company security. Qualitative research methods were used by analyzing data from bug bounty programs that were successful in finding significant vulnerabilities. The results showed that bug bounty hunting proved to be effective in capturing various types of vulnerabilities, including web application vulnerabilities, network protocol vulnerabilities, hardware security vulnerabilities, and mobile app vulnerabilities. Security researchers play a critical role in the success of the bug bounty hunt, with their expertise in bug hunting and deep understanding of the technology. The benefits of bug bounty hunting include increased software security, cost efficiency, and increased company reputation for security and credibility. However, challenges such as finding hidden vulnerabilities and coordinating with enterprises need to be overcome. Recommendations include strengthening collaboration between enterprises and security researchers, establishing effective communication channels, and proactively responding to vulnerability reports.

Downloads

PDF
HTML

Published

2023-08-28

Issue

Vol. 4 No. 8 (2023): Devotion: Journal of Research and Community Service

Section

Articles

License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Authors who publish with this journal agree to the following terms:

Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution-ShareAlike 4.0 International. that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.