Stefan Frei, Francisco Artes
The global economy increasingly has come to rely on information systems, and yet society remains in the early phases of adapting to the related opportunities and threats. Security depends largely on ethical researchers reporting vulnerabilities under the practices of coordinated disclosure. Meanwhile, the black market is expanding rapidly and offering large rewards for the same information. Traditional approaches based on "more of the same" cannot deliver better overall security. How much are those that bear the costs willing to pay to reduce their losses incurred as a result of cyber crime? It is time to examine the economics of depriving cyber criminals' access to new vulnerabilities through the systematic purchase of all vulnerabilities discovered at or above black market prices. Read this paper for a compelling argument for an international vulnerability purchase program (IVPP).
December 17, 2013