Vulnerability markets
- Type
- Paper
- Tags
- vulnerability
- Authors
- Rainer Böhme
- Event
- Chaos Communication Congress 22th (22C3) 2005
- Indexed on
- Mar 27, 2013
- URL
- http://events.ccc.de/congress/2005/fahrplan/attachments/542-Boehme2005_22C3_VulnerabilityMarkets.pdf
- File name
- 542-Boehme2005_22C3_VulnerabilityMarkets.pdf
- File size
- 149.0 KB
- MD5
- 08062440d839724bd4fa1496c084deb0
- SHA1
- f9d7386957a54156e19d7a3e8aeb1b6bff3603da
It is evident that information on vulnerabilities and information security threads is very valuable, but the market for it is neither structured nor liquid. This talk combines examples from real world information security business with academic arguments on the pros and cons of vulnerability markets, including vulnerability sharing circles, bug auctions, remote root derivatives, and cyber-insurance. Would we live in a more secure world if every geek could go and sell his exploit at the market price? How could this market eventually be organised? What are the incentives of market participants and where are dangers for conflicts of interest? Join us on a journey to a hypothetical world where information security is entirely melted into finance so that S&P quotes a daily kernel hardness index …
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
