Banishing Misaligned Incentives for Validating Reports in Bug-Bounty Platforms
[1] Serge Egelman, et al. Markets for zero-day exploits: ethics and implications, 2013, NSPW '13.
[2] Kai Chen, et al. An Exploratory Study of White Hat Behaviors in a Web Vulnerability Disclosure Program, 2014, SIW '14.
[3] A. Ozment, et al. Bug Auctions: Vulnerability Markets Reconsidered, 2004.
[4] Muhammad Zubair Shafiq, et al. A large scale exploratory analysis of software vulnerability life cycles, 2012, 2012 34th International Conference on Software Engineering (ICSE).
[5] Yashwant K. Malaiya, et al. Software Vulnerability Markets: Discoverers and Buyers, 2014.
[6] Ross J. Anderson, et al. Murphy’s law, the fitness of evolving species, and the limits of software reliability, 1999.
[7] Cheng Huang, et al. A study on Web security incidents in China by analyzing vulnerability disclosure platforms, 2016, Comput. Secur.
[8] Stuart E. Schechter, et al. Milk or Wine: Does Software Security Improve with Age?, 2006, USENIX Security Symposium.
[9] Ross J. Anderson, et al. Security in open versus closed systems - the dance of Boltzmann, 2002.
[10] Andy Ozment, et al. The Likelihood of Vulnerability Rediscovery and the Social Utility of Vulnerability Hunting, 2005, WEIS.
[11] Wouter Joosen, et al. Clubbing Seals: Exploring the Ecosystem of Third-party Security Seals, 2014, CCS.
[12] David C. Parkes, et al. A market-based approach to software evolution, 2009, OOPSLA Companion.
[13] Yashwant K. Malaiya, et al. Modeling the vulnerability discovery process, 2005, 16th IEEE International Symposium on Software Reliability Engineering (ISSRE'05).
[14] David A. Wagner, et al. An Empirical Study of Vulnerability Rewards Programs, 2013, USENIX Security Symposium.
[15] Giovanni Vigna, et al. Why Johnny Can't Pentest: An Analysis of Black-Box Web Vulnerability Scanners, 2010, DIMVA.
[16] Peng Liu, et al. An Empirical Study of Web Vulnerability Discovery Ecosystems, 2015, CCS.
[17] Peng Liu, et al. Empirical Analysis and Modeling of Black-Box Mutational Fuzzing, 2016, ESSoS.
[18] Eric Rescorla, et al. Is finding security holes a good idea?, 2005, IEEE Security & Privacy.
[19] Bernhard Plattner, et al. Modelling the Security Ecosystem - The Dynamics of (In)Security, 2009, WEIS.
[20] David A. Wagner, et al. An Empirical Study on the Effectiveness of Security Code Review, 2013, ESSoS.
[21] Jens Grossklags, et al. Given enough eyeballs, all bugs are shallow? Revisiting Eric Raymond with bug bounty programs, 2016, J. Cybersecur.
[22] Martin C. Libicki, et al. The Defender's Dilemma: Charting a Course Toward Cybersecurity, 2015.
[23] Rainer Böhme, et al. A Comparison of Market Approaches to Software Vulnerability Disclosure, 2006, ETRICS.
[24] Stuart E. Schechter. How to Buy Better Testing, 2002, InfraSec.
[25] Rahul Telang, et al. Market for Software Vulnerabilities? Think Again, 2005, Manag. Sci.
[26] Sam Ransbotham, et al. Are Markets for Vulnerabilities Effective?, 2012, MIS Q.