Bug Bounty

Modelling the Security Ecosystem

We introduced a model of the security ecosystem to capture its major players and processes. On the basis of the model, we analyzed and discussed the roles and incentives of the players involved, backed by empirical data on more than 27,000 vulnerabilities.

Security Econometrics - The Dynamics of (In)Security

In this dissertation we claim that knowledge of the vulnerability lifecycle (the discovery, exploit, disclosure, and patch times of a vulnerability) allows us to distinguish major processes in the security environment and to quantify the risk exposure and its evolution at a macroscopic level.