Measuring software security is difficult and inexact; as a result, the market for secure software has been compared to a 'market of lemons'. Schechter has proposed a vulnerability market in which software producers offer a time-variable reward to free-market testers who identify vulnerabilities. Such a market can be used both to improve testing and to create a relative metric of product security. This paper argues that the market is best analysed as an auction; auction theory is then used to tune the structure of this 'bug auction' for efficiency and to better defend it against attacks. The incentives facing the software producer are also considered, and some fundamental problems with the concept are articulated.
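The abstract describes the reward as time-variable and the whole arrangement as an auction: the producer's offered price rises until some tester is willing to sell, and only the first report is paid. The following simulation is an added illustration, not code from the paper or from Schechter's proposal; the linear reward schedule, the per-tester reservation price, the earliest-finder tie-break and the sample testers are all assumptions made here. It shows the two properties the abstract leans on: the price at which the first sale clears is the product-security metric, and a tester who holds out for a higher reward risks being scooped by a competitor who discovers the same flaw later but sells sooner.

```python
from dataclasses import dataclass
from typing import List, Optional, Dict


@dataclass
class Tester:
    """A free-market tester. found_at is the day the tester discovers the
    flaw; reservation is the lowest reward at which they will report it."""
    name: str
    found_at: int
    reservation: int


def reward_at(day: int, base: int, step: int) -> int:
    """Assumed reward schedule: a linear ramp, base + step per day.
    Ozment's paper treats the rising price as an auction; the exact
    curve here is an illustrative choice."""
    return base + step * day


def run_bug_auction(testers: List[Tester], base: int, step: int,
                    horizon: int) -> Optional[Dict[str, int]]:
    """Clear the auction: advance one day at a time, and sell to the first
    tester who has both found the flaw and sees a price at or above their
    reservation. Only one report is paid; everyone else gets nothing.
    Returns None if no sale clears within the horizon."""
    for day in range(horizon + 1):
        price = reward_at(day, base, step)
        ready = [t for t in testers
                 if t.found_at <= day and t.reservation <= price]
        if ready:
            # Tie-break assumption: among testers ready on the same day,
            # the one who found the flaw earliest reports first.
            winner = min(ready, key=lambda t: t.found_at)
            return {"day": day, "price": price, "winner": winner.name}
    return None


def security_metric(result: Optional[Dict[str, int]], horizon: int,
                    base: int, step: int) -> int:
    """The clearing price is the relative security metric: a product whose
    first flaw sells only at a high price is, by this measure, harder to
    break. If nothing sold, report the ceiling reached at the horizon."""
    if result is None:
        return reward_at(horizon, base, step)
    return result["price"]


if __name__ == "__main__":
    base, step, horizon = 100, 50, 30
    # Constructed sample: alice finds the flaw first but holds out for 900;
    # bob finds it three days later and is happy with 300.
    testers = [Tester("alice", found_at=2, reservation=900),
               Tester("bob", found_at=5, reservation=300)]
    sale = run_bug_auction(testers, base, step, horizon)
    print("sale:", sale)  # bob sells on day 5 at 350; alice is scooped
    print("metric:", security_metric(sale, horizon, base, step))

    # A slower ramp buys the same flaw for less, but later.
    slow = run_bug_auction(testers, base, 10, horizon)
    print("slow ramp:", slow)
```

The scoop in the sample is the point: because only the first report is paid, competition pushes testers toward selling close to their actual cost of discovery rather than waiting for the ramp, which is what keeps the producer's cost (and the metric) honest. The producer's lever is the step size: a slower ramp lowers the price paid but lengthens the window in which the flaw is known and unpatched.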
We empirically estimate the effect of competition on vendor patching of software defects by exploiti...
Many software developers employ bug bounty programs that award a prize for the detection of bugs in ...
Security vulnerabilities are inextricably linked to information systems. Unable to eliminate these v...
Software vulnerability disclosure has become a critical area of concern for policymakers. Traditiona...
Some of the key aspects of vulnerability—discovery, dissemination, and disclosure—have received some...
Exploitations of zero-day vulnerabilities cause enormous damages to organizations. Hence, organizati...
Vulnerability lifecycles and the vulnerability markets are related in a manner that can lead to seri...
Today, one of the challenges in software engineering is utilizing application lifecycle management (...
Researchers in the area of information security have mainly been concerned with tools, techniques an...
The pertinent questions therefore are: first, could software vulnerabilities be obviated simply by a...
Nowadays, it is not difficult to conjure up images of hacked power plants, remote-hijacked public t...
The act of searching for security flaws (vulnerabilities) in a piece of software was previously cons...
The abundance of flawed software has been identified as the main cause of the poor security of compu...