The Simple Economics of an External Shock on a Crowdsourced 'Bug Bounty Platform'

preprint OA: closed
🔓 Open OA copy View at publisher

Abstract

In this paper, we first provide background on the "nuts and bolts" of a bug bounty platform a two-sided marketplace that connects firms and individual security researchers ("ethical" hackers) to find and be rewarded for discovering software vulnerabilities. We then empirically examine the effect of an exogenous external shock (Covid-19) on Bugcrowd, one of the two largest "two-sided" bug bounty platforms. The shock reduced the opportunity set for many security researchers who either lost their jobs or were placed on a leave of absence. We show that the exogenous shock led to a huge rightward (downward) shift in the supply curve and to an increase both in the number of submissions and new researchers on the platform. The results suggest that had there been a larger increase in number of firms with bug bounty programs on the platform, many more unique software vulnerabilities would have been discovered. We quantify the benefits to the platform from the exogenous shock which enables us to shed light on the benefits associated with the gig economy.

My notes (saved in your browser only)

Citation neighborhood (no data yet)

We don't have any in-corpus citations linked to this paper yet. The paper's references may be in our DB but unresolved to ``paper_id`` (resolution happens at ingest when the cited DOI matches a row we already have). Run the cross-source citation reconcile pass to retry.

Source provenance

europepmc
last seen: 2026-05-19T01:45:01.086888+00:00
unpaywall
last seen: 2026-07-19T06:49:21.617583+00:00