[17] Aron Laszka, Mingyi Zhao, and Jens Grossklags. Banishing misaligned incentives for
validating reports in bug-bounty platforms. In European Symposium on Research in
Computer Security, pages 161–178. Springer, 2016.
[18] Aron Laszka, Mingyi Zhao, Akash Malbari, and Jens Grossklags. The rules of
engagement for bug bounty programs. In International Conference on Financial
Cryptography and Data Security, pages 138–159. Springer, 2018.
[19] Amir Lukach, Ehud Gudes, and Asaf Shabtai. Pua detection based on bundle installer
characteristics. In IFIP Annual Conference on Data and Applications Security and
Privacy, pages 261–273. Springer, 2020.
[20] Suresh S Malladi and Hemang C Subramanian. Bug bounty programs for cybersecurity:
Practices, issues, and recommendations. IEEE Software, 37(1):31–39, 2019.
[21] UK NCSC. Secure design principles: Guides for the design of cyber secure systems. 2019.
[22] Gavin O’Gorman and Geoff McDonald. Ransomware: A growing menace. Symantec
Corporation Arizona, AZ, USA, 2012.
[23] Sharon M Ravitch and Matthew Riggan. Reason & rigor: How conceptual frameworks
guide research. Sage Publications, 2017.
[24] Jukka Ruohonen and Luca Allodi. A bug bounty perspective on the disclosure of web
vulnerabilities. arXiv preprint arXiv:1805.09850, 2018.
[25] Joanna Rutkowska. Introducing stealth malware taxonomy. COSEINC Advanced
Malware Labs, pages 1–9, 2006.
[26] Saman Shafigh, Boualem Benatallah, Carlos Rodríguez, and Mortada Al-Banna. Why
some bug-bounty vulnerability reports are invalid? study of bug-bounty reports and
developing an out-of-scope taxonomy model. In Proceedings of the 15th ACM/IEEE
International Symposium on Empirical Software Engineering and Measurement (ESEM),
pages 1–6, 2021.
[27] Forrest Shull, Janice Singer, and Dag IK Sjøberg. Guide to advanced empirical software
engineering. Springer, 2007.
[28] Amutheezan Sivagnanam, Soodeh Atefi, Afiya Ayman, Jens Grossklags, and Aron
Laszka. On the benefits of bug bounty programs: A study of Chromium vulnerabilities.
In Workshop on the Economics of Information Security (WEIS), volume 10, 2021.
[29] Dag IK Sjøberg, Tore Dybå, Bente CD Anda, and Jo E Hannay. Building theories
in software engineering. In Guide to advanced empirical software engineering, pages
312–336. Springer, 2008.