文章基本信息

标题：Are Markets for Vulnerabilities Effective?
本地全文：下载
作者：Ransbotham, Sam ; Mitra, Sabyasachi ; Ramsey, Jon 等
期刊名称：Management Information Systems Quarterly
出版年度：2012
卷号：36
期号：1
页码：43-64
出版社：Association for Information Systems
摘要：Current reward structures in security vulnerability disclosure may be skewed toward benefitting nefarious usage of vulnerability information rather than responsible disclosure. Recently suggested market-based mechanisms offer incentives to responsible security researchers for discovering and reporting vulnerabilities. However, concerns exist that any benefits gained through increased incentives for responsible discovery may be lost through information leakage. Using perspectives drawn from the diffusion of innovations literature, we examine the effectiveness of market-based vulnerability disclosure mechanisms. Empirical examination of two years of security alert data finds that market-based disclosure restricts the diffusion of vulnerability exploitations, reduces the risk of exploitation, and decreases the volume of exploitation attempts.
关键词：Information security; vulnerability disclosure; information technology policy