Title :
Understanding Hidden Information Security Threats: The Vulnerability Black Market
Author :
Radianti, Jaziar ; Gonzalez, Jose J.
Author_Institution :
Fac. of Eng. & Sci., Agder Univ. Coll., Grimstad
Abstract :
It has been discovered recently that there is a "black market" for software vulnerabilities. Criminals and terrorists can launch exploits toward organizations before system administrators have had a chance to apply a corrective patch. To counteract this threat, software vendors and security companies have been establishing a legitimate market for software vulnerabilities; they offer rewards for software bugs reported. To explain the basic traits of this phenomenon, we develop a system dynamics model showing the growth of the vulnerability black market. A simple conceptual model is developed and some simulations using the model are implemented to learn whether the attempt to legalize the vulnerability market helps to reduce the vulnerability information circulating in the black market
Keywords :
DP industry; computer crime; black market; legitimate market; security threat; software vendors; software vulnerability; Computer hacking; Control systems; Educational institutions; Health and safety; Information security; Protection; Software debugging; Software quality; Software systems; Terrorism; Information Security; Integrated Operations.; Software Vulnerability; System Dynamics; Vulnerability Black Market;
Conference_Titel :
System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on
Conference_Location :
Waikoloa, HI
Electronic_ISBN :
1530-1605
DOI :
10.1109/HICSS.2007.583
