The platformization of cybersecurity:uncovering articulation work in bug bounty platforms

The article investigates the articulation work i.e., the coordination and adjustment needed for collaboration, that the platform model generates. It specifically focuses on bug bounty platforms, where independent security researchers (or ‘hackers’) report security vulnerabilities to client organizations for a reward. While existing scholarship on bug bounty reveals how these platforms structure hackers’ labor, we look symmetrically and ask: How do bug bounty platforms shape the work of program managers on the clients’ side? We use data from 13 semi-structured interviews with bug bounty managers and concepts from platform studies and computer-supported cooperative work. Our study reveals, first, that managing a program requires four types of articulation work: (1) to attract quality hackers, (2) to manage the high number of reports (3) to find the internal asset owner, and (4) to negotiate the disclosure schedule with hackers. Second, managers consider this additional labor positively, despite some adversarial behaviors from hackers. This study makes a case to study how platforms shape labor on both the supply and the demand sides and calls for further analyses of platform labor using the concept of articulation work.