A New Security Paradigms Workshop (2013) panel discussed the topic of ethical issues and implications related to markets for zero-day exploits, i.e., markets facilitating the sale of previously unknown details on how to exploit software vulnerabilities in target applications or systems. The related topic of vulnerability rewards programs ("bug bounties" offered by software vendors) was also discussed. This note provides selected background material submitted prior to the panel presentation, and summarizes discussion resulting from the input of both the panelists and NSPW participants.