DSRT Select Dissertation topic in Information Technology
Effectiveness of Bug Bounty Program in preventing security vulnerabilities associated with Trust Delegations in Hybrid Cloud
Effectiveness of Bug Bounty Program in preventing security vulnerabilities associated with Trust Delegations in Hybrid Cloud
Problem Comment by Jerry Alsay: What is the general problem surrounding this issue? What is the specific problem surrounding this issue? In your specific problem, I should see your research variables. Why should your audience care about what you are trying to study, in a general sense and in a specific sense? Remember, you are speaking to two audience. The professional community and the academic community. You should have at least two paragraph to describe your problem with backing to prove your point. If this is a problem than you should see people taking about why it’s a problem. I should see your research variables in your specific problem statement. Comment by Jerry Alsay: Format your paper in sections: Problem Statement/Research Questions/Research Variables/Theoretical Framework/Population/Sample Size
The bug bounty is a program that involves rewarding individuals for identifying and reporting vulnerabilities in a system before hackers exploit that vulnerability. Although the first bug bounty program was introduced in 1983, the program is becoming increasingly significant with time. Today, many developers, organizations, and websites use the program to enhance cloud security (Walshe & Simpson, 2020). A study by Craig mentioned trust delegation as the primary source of vulnerability in hybrid clouds. Compared to other clouds, the hybrid cloud accommodates private, public, and community clouds with different security levels, leading to a more complicated infrastructure (Gupta et al., 2-21). Studies reveal that the pantheon platform is the most exploited trust delegation that puts hybrid cloud at risk. Efforts are implemented to reduce these vulnerabilities, and the bug bounty program has been highly advocated by researchers recently, including Laprade Craig. Craig has suspicions that bug bounty programs work, considering his assessment of vulnerability checks against bug bounty programs. On the other hand, other researchers argue that individuals are motivated by rewards rather than the need to secure systems (Zhao et al., 2016). Due to conflicting hypotheses, it is essential to conduct research that will help establish the program's effectiveness.
Population Comment by Jerry Alsay: You should not be stating your inclusion/exclusion just yet. You should just state your population, why you choose said population and your sample size and why you choose said sample size.
I will use medium-sized organizations that deploy bug bounty programs and those that do not. The organizations must be operating on a hybrid cloud and adopted the program to minimize system vulnerability. The participants will be senior managers and IT experts who worked in these organizations. Research reveals that approximately 7 million employees can take part in IT decision-making (Darko et al., 2017). Study also reports that the US is ranked fourth worldwide in terms of technological expertise. Therefore, it is easier to get people who are willing to provide information. The managers will give information from a competitive advantage approach, while the IT specialists will be resourceful from the technical process.
Methodology Comment by Jerry Alsay: Okay. You will use qualitative as your method. What will you use as your research design? You should have sources to back why both is best for this study.
I will use a qualitative approach to gather in-depth information on the efficacy of bug bounty programs. A qualitative method is selected due to its ability to collect in-depth information about the topic (Bergen & Labonte, 2020). Qualitative research is also open-ended and gives respondents a chance to share their experiences. Semi-structured interviews will be conducted to collect relevant information and be analyzed through content analysis.
Theory Comment by Jerry Alsay: You will need more research on why game theory is the best base for your theorical framework. What about the theories for your research variables? What are your research(independent/dependent) variables?
I will use the game theory that observes cyber incidents and analyzes the interaction between attackers, users, and defenders to produce an outcome (Kakkad et al., 2019). The approach will be used to analyze the outcome from changing users and researchers to vulnerability detectors.
Related study: Laprade, C. (2021). Domain Name Service Trust Delegation in Cloud Computing: Exploitation, Risks, and Défense (Doctoral dissertation, The George Washington University).
The researcher used the OSINT gathering and processing technique to identify vulnerable trust delegations. The researcher then used a systematic review to identify proposed solutions to address security concerns resulting from trust delegations. The systems found to be highly vulnerable are news and media, education systems, pantheon, and Microsoft Azure. Craig mentioned that according to the literature, existing solutions are the Domain Name System Security Extensions (DNSSEC), Next Secure Record (NSEC), Specific Value Record Verification, and Domain Attack Surface Monitoring. The researcher proposed other solutions such as Apex Domain Verification, Assessment, and Via Trust Breaker. The researcher further noted that the bug bounty program is suspected to be effective that there is no research on its efficacy. Therefore, he proposed it for future work, which is why I opted to assess its effectiveness.
References Comment by Jerry Alsay: You will need more sources than this. You are trying to justify your study is worth doing.
Bergen, N., & Labonté, R. (2020). “Everything is perfect, and we have no problems”: detecting and limiting social desirability bias in qualitative research. Qualitative health research, 30(5), 783-792.
Darko, A., Chan, A. P. C., Ameyaw, E. E., He, B. J., & Olanipekun, A. O. (2017). Examining issues influencing green building technologies adoption: The United States green building experts’ perspectives. Energy and Buildings, 144, 320-332.
Gupta, B. B., Chaudhary, P., Peraković, D., & Psannis, K. (2021). Privacy Concerns and Trust Issues. In Managing IoT and Mobile Technologies with Innovation, Trust, and Sustainable Computing (pp. 17-33). CRC Press.
Kakkad, V., Shah, H., Patel, R., & Doshi, N. (2019). A Comparative study of applications of Game Theory in Cyber Security and Cloud Computing. Procedia Computer Science, 155, 680-685.
Walshe, T., & Simpson, A. (2020, February). An empirical study of bug bounty programs. In 2020 IEEE 2nd International Workshop on Intelligent Bug Fixing (IBF) (pp. 35-44). IEEE.
Zhao, M., Laszka, A., Maillart, T., & Grossklags, J. (2016, November). Crowdsourced security vulnerability discovery: Modelling and organizing bug-bounty programs. In The HCOMP Workshop on Mathematical Foundations of Human Computation, Austin, TX, USA.