Proposal of a novel bug bounty implementation using gamification

Jamie O'Hare*, Lynsay A. Shepherd*

*Corresponding author for this work

Research output: Working paper/PreprintPreprint


Despite significant popularity, the bug bounty process has remained broadly unchanged since its inception, with limited implementation of gamification aspects. Existing literature recognises that current methods generate intensive resource demands, and can encounter issues impacting program effectiveness. This paper proposes a novel bug bounty process aiming to alleviate resource demands and mitigate inherent issues. Through the additional crowdsourcing of report verification where fellow hackers perform vulnerability verification and reproduction, the client organisation can reduce overheads at the cost of rewarding more participants. The incorporation of gamification elements provides a substitute for monetary rewards, as well as presenting possible mitigation of bug bounty program effectiveness issues. Collectively, traits of the proposed process appear appropriate for resource and budget-constrained organisations - such as Higher Education institutions.
Original languageEnglish
Number of pages11
Publication statusPublished - 21 Sep 2020


  • Bug Bounty Program
  • Gamification
  • Vulnerability
  • Verification
  • Cybersecurity
  • Ethical Hacking


Dive into the research topics of 'Proposal of a novel bug bounty implementation using gamification'. Together they form a unique fingerprint.
  • Developing a gamified peer-reviewed bug bounty programme

    O'Hare, J. & Shepherd, L. A., 16 Jun 2022, HCI International 2022 Posters: 24th International Conference on Human-Computer Interaction, HCII 2022, Virtual Event, June 26 – July 1, 2022, Proceedings. Stephanidis, C., Antona, M. & Ntoa, S. (eds.). Cham: Springer, Vol. part IV. p. 514-522 9 p. (Communications in Computer and Information Science (CCIS); vol. 1583).

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    1 Citation (Scopus)

Cite this