International Vulnerability Purchase Program (IVPP)


.

International Vulnerability Purchase Program (IVPP)

Authors
Stefan Frei, Francisco Artes


Summary
The global economy increasingly has come to rely on information systems, and yet society remains in the early phases of adapting to the related opportunities and threats. Security depends largely on ethical researchers reporting vulnerabilities under the practices of coordinated disclosure. Meanwhile, the black market is expanding rapidly and offering large rewards for the same information. Traditional approaches based on "more of the same" cannot deliver better overall security. How much are those that bear the costs willing to pay to reduce their losses incurred as a result of cyber crime? It is time to examine the economics of depriving cyber criminals' access to new vulnerabilities through the systematic purchase of all vulnerabilities discovered at or above black market prices. Read this paper for a compelling argument for an international vulnerability purchase program (IVPP).


Published
December 17, 2013


Downloads

  1. International_Vulnerability_Purchase_Program_IVPP_(2013).pdf
  2. Online Bug Bounty Cost Calculator
  3. Top 10 Vulnerable Vendors
  4. Slides: Area41 Talk, Zurich, 2014
  5. Slides: Internet Security Days, eco Kongress, Köln, 2014

Exteral Links

  1. List of all Bug Bounty Programs

About

HOME | TOOLS | BUG BOUNTY | TOP 10 | PUBLICATIONS IP Address: 54.157.52.205
Date Time: 2017-03-25 03:53:07
Recent Papers
Recent Press Coverage
© 2000-2017 Stefan Frei
techzoom.net