Abstract

Bug bounty programs have proven to be an effective means for organizations to incentivize ethical hackers to report security vulnerabilities in their software. As the use of blockchain-based applications has grown, bug bounty programs have been established to identify vulnerabilities in these applications, such as smart contracts. However, bug bounty programs face unique challenges in encouraging ethical hackers. In this study, we collected data from about 200 bug bounty programs related to blockchain software from multiple bug bounty platforms. We analyzed the content of these programs and examined the involvement of ethical hackers, with the aim of examining the effectiveness of the current bug bounty programs for blockchain software. Additionally, we extracted various features from the content and format of the bug bounty programs and utilized them to construct a regression model that predicts the effectiveness of a program in drawing in ethical hackers. Our work is a fundamental step towards developing effective strategies for incentivizing ethical hackers in the blockchain domain.
