Radianti, Jaziar with Jose Gonzalez and Eliot Rich, "A Quest for a Framework to Improve Software Security: Vulnerability Black Markets Scenario", 2009 July 26-2009 July 30

ua435

There are numerous discussions of possible leverage points for improving software quality, and they have been placed in various contexts, from technical approaches and improved user education to economic approaches. One of the central points of these discussions is the best policy for handling vulnerability discoveries. Various approaches have been developed: secret reporting, full disclosure, responsible disclosure, and a market approach. The dominant aspect of the latter is the Vulnerability Black Market (VBM), which emerged from that development as an alternative for malicious hackers to sell exploits and malware that take advantage of flaws in software. The model in this paper draws on empirical observation of black markets and of the market-based approach to vulnerability discovery to generate a simple model of the VBM. The model results suggest that efficient legal markets may attract malicious hackers to enter the legal markets and may reduce their likelihood of being involved in vulnerability black markets. However, better patching management may mitigate the abuse of software vulnerabilities.

This is the whole item.

Date created
  • 2009 July 26-2009 July 30

ITEM CONTEXT

Collection

System Dynamic Society Records

Collecting area

Artikel