The Survey

We are conducting a survey among security researchers who participate in bug bounty programs to understand their motivations and the challenges that they face. If you are interested after taking the survey, we might also invite you to participate in an interview. All data that we collect will be analyzed and published anonymously to protect the participants’ privacy. Results that we publish from this study can benefit the security researcher community by guiding bug bounty platforms and programs to create better bug bounties.

Researchers

amit

Amit Elazari

Dr. Amit Elazari Bar On is a Lecturer at the UC Berkeley School of Information, Master in Cybersecurity program, and the Director of Global Cybersecurity Policy at Intel.

amit.elazari@berkeley.edu

omer

Omer Akgul

Omer is a second year Computer Science PhD student at the University of Maryland.

akgul@cs.umd.edu

Aron

Aron Laszka

Aron Laszka is an Assistant Professor in the Department of Computer Science at the University of Houston.

alaszka@uh.edu

Taha

Taha Eghtesad

Taha is a first year Computer Science PhD student at the University of Houston.

teghtesad@uh.edu

Omprakash

Omprakash Gnawali

Omprakash is an Associate Professor in the Department of Computer Science at the University of Houston.

gnawali@cs.uh.edu

Dan

Daniel Votipka

Daniel is a third year Computer Science PhD student at the University of Maryland.

dvotipka@cs.umd.edu

Dan

Jens Grossklags

Prof. Grossklags is an Associate Professor for Cyber Trust and directs the Chair of Cyber Trust at the Department of Informatics at the Technical University of Munich.

jens.grossklags@in.tum.de

.

FAQ

1. WHY ARE YOU CONTACTING ME?

We are interested in understanding the motivations of bug bounty hunters and the challenges that they face. Our goal is to conduct an independent, unbiased study of the bug bounty community, to identify the most significant issues, and to provide guidance on how to make bug bounty programs better. We are seeking the participation of both experienced and novice security researchers to get a complete picture of the community.

2. WHO ARE YOU?

A group of academic researchers who are passionate about cybersecurity research and improving bug bounty programs. We are not affiliated with any bug bounty platforms.

3. WHAT HAPPENS IF I WANT TO PARTICIPATE?

If you choose to participate, you can follow the link above to take the survey, which will ask you a series of questions. We will invite a subset of the survey participants to online interviews. Your responses will be analyzed anonymously, and we will publish anonymous aggregated results in peer-reviewed, academic publications.

4. I AM CONCERNED ABOUT DATA SECURITY!

Fantastic! So are we! All your data will be kept confidential and will be accessible only to the researchers themselves.

5. WHAT’S IN IT FOR ME?

Our goal is to provide guidance to bug bounty platforms and programs on how to make bug bounty programs better by identifying and studying common issues. We will also reward interview participants with $20 Amazon gift cards.

6. WHAT HAPPENS IF I DO NOT WANT TO PARTICIPATE?

Nothing, you can just ignore this survey. Your information will not be recorded.