Are Markets for Vulnerabilities Effective?
نویسندگان
چکیده
Security vulnerabilities are inextricably linked to information systems. Unable to eliminate these vulnerabilities, the security community is left to minimize their impact. Unfortunately, current reward structures may be skewed towards benefiting nefarious usage of vulnerability information rather than responsible disclosure. Recently suggested market-based mechanisms offer some hope by providing incentives to responsible security researchers. However, concerns exist that any benefits gained through increased incentives may be more than lost through information leakage. Using two years of security alert data, we examine the effectiveness of market-based mechanisms. While market-mechanisms do not reduce the likelihood that a vulnerability will be exploited, we find evidence that markets increase the time to vulnerability exploit and decrease the overall volume of alerts.
منابع مشابه
A Quest for a Framework to Improve Software Security: Vulnerability Black Markets Scenario
The discovery and management of software vulnerabilities after a product is released to the public is an important element of improving software quality and stability. The discovery of vulnerabilities enables exploitation and stimulates the development of patches or other protections, which in turn may or may not be deployed by product users. Various approaches have been developed to facilitate...
متن کاملDetecting Passive Content Leaks and Pollution in Android Applications
In this paper, we systematically study two vulnerabilities and their presence in existing Android applications (or “apps”). These two vulnerabilities are rooted in an unprotected Android component, i.e., content provider, inside vulnerable apps. Because of the lack of necessary access control enforcement, affected apps can be exploited to either passively disclose various types of private in-ap...
متن کاملمهارت های زندگی و پیشگیری از اعتیاد
Socially vulnerable people such as drug abusers have limited life skills to deal with social issues and social challenges. These people are not able to make appropriate and effective decisions in different and difficult situations in life, or choose the appropriate reconciliation strategy, due to the lack of knowledge and skills, as well as the plurality of problems and difficulties in life. Fo...
متن کاملSoftware Vulnerability Markets: Discoverers and Buyers
Some of the key aspects of vulnerability—discovery, dissemination, and disclosure—have received some attention recently. However, the role of interaction among the vulnerability discoverers and vulnerability acquirers has not yet been adequately addressed. Our study suggests that a major percentage of discoverers, a majority in some cases, are unaffiliated with the software developers and thus ...
متن کاملVulnerability Markets
Vulnerabilities are errors in computer systems which can be exploited to breach security mechanisms. Such information can be very valuable as it decides about the success of attack or defense in computer networks. This essay introduces into the economic perspective on computer security and discusses the advantages and drawbacks of different concepts for vulnerability markets, where security-rel...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- MIS Quarterly
دوره 36 شماره
صفحات -
تاریخ انتشار 2008