Digital transformation within government agencies has expanded the number of public-sector digital assets that require continuous cybersecurity protection. However, vulnerability reporting mechanisms in Indonesia remain fragmented, unstandardized, and legally ambiguous, limiting effective collaboration between ethical hackers and government institutions. This study explores the motivations, preferences, and challenges that active vulnerability researchers experience when participating in government-led Vulnerability Disclosure Programs (VDPs). A descriptive qualitative approach was applied using open- and closed-ended online questionnaires completed by six respondents with proven experience in legal vulnerability reporting. The findings reveal that clear scope definition, transparent rules, timely responses, and legal protection (safe harbour) are the primary factors influencing participation. Although financial incentives are considered beneficial, most participants are willing to report without monetary rewards when non-financial recognition—such as points, badges, or official acknowledgment—is provided. The study also identifies key barriers, including unclear scope, lack of government responsiveness, and concerns regarding legal repercussions. Based on these insights, this work proposes a structured and centralized vulnerability reporting framework tailored for government environments. The proposed model emphasizes clear policies, triage transparency, non-monetary recognition systems, and safe-harbour protections to strengthen national cybersecurity resilience through collaborative public engagement.
Copyright © 2025