Practical computer (in)security is largely driven by the existence of, and knowledge about, vulnerabilities that can be exploited to breach security mechanisms. Although the details of responsible vulnerability disclosure remain controversial, there is a sort of consensus that better information sharing is socially beneficial. In recent years, we have observed the emergence of “vulnerability markets” as a means to stimulate the exchange of information. However, this term subsumes a broad range of different concepts, which are prone to confusion. This paper provides a first attempt to structure the field by (1) proposing a terminology for distinct concepts and (2) defining criteria that allow for better comparability between different approaches. Applying this framework to four market types shows notable differences between the approaches.