International Vulnerability Purchase Program (IVPP)

December 2013

Authors

Stefan Frei, Francisco Artes

Excerpt

Cyber security depends largely on reporting vulnerabilities under the practices of coordinated disclosure. Meanwhile, the black market is expanding rapidly and offering large rewards for the same information. We examine the economics of depriving cyber criminals of access to new vulnerabilities.

Download

  • International Vulnerability Purchase Program (IVPP) (pdf)

Outreach

  • The Case for a Compulsory Bug Bounty by Brian Krebs / KrebsOnSecurity
  • Good guys should compete with criminals in buying zero-day vulnerabilities by Antone Gonsalves / CSO Online
  • International Vulnerability Purchase Program – Why Buying All Vulnerabilities Above Black Market Prices Is Economically Sound by NSSLabs