CISIS'11 Proceedings of the 4th international conference on Computational intelligence in security for information systems
Are markets for vulnerabilities effective?
MIS Quarterly
Hi-index | 0.00 |
It has been discovered recently that there is a "black market" for software vulnerabilities. Criminals and terrorists can launch exploits toward organizations before system administrators have had a chance to apply a corrective patch. To counteract this threat, software vendors and security companies have been establishing a legitimate market for software vulnerabilities; they offer rewards for software bugs reported. To explain the basic traits of this phenomenon, we develop a system dynamics model showing the growth of the vulnerability black market. A simple conceptual model is developed and some simulations using the model are implemented to learn whether the attempt to legalize the vulnerability market helps to reduce the vulnerability information circulating in the black market.