Understanding Hidden Information Security Threats: The Vulnerability Black Market

Author

Radianti, Jaziar ; Gonzalez, Jose J.

Author_Institution

Fac. of Eng. & Sci., Agder Univ. Coll., Grimstad

fYear

2007

fDate

Jan. 2007

Abstract

It has been discovered recently that there is a "black market" for software vulnerabilities. Criminals and terrorists can launch exploits toward organizations before system administrators have had a chance to apply a corrective patch. To counteract this threat, software vendors and security companies have been establishing a legitimate market for software vulnerabilities; they offer rewards for software bugs reported. To explain the basic traits of this phenomenon, we develop a system dynamics model showing the growth of the vulnerability black market. A simple conceptual model is developed and some simulations using the model are implemented to learn whether the attempt to legalize the vulnerability market helps to reduce the vulnerability information circulating in the black market

Keywords

DP industry; computer crime; black market; legitimate market; security threat; software vendors; software vulnerability; Computer hacking; Control systems; Educational institutions; Health and safety; Information security; Protection; Software debugging; Software quality; Software systems; Terrorism; Information Security; Integrated Operations.; Software Vulnerability; System Dynamics; Vulnerability Black Market;

fLanguage

English

Publisher

ieee

Conference_Titel

System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on

Conference_Location

Waikoloa, HI

ISSN

1530-1605

Electronic_ISBN

1530-1605

Type

conf

DOI

10.1109/HICSS.2007.583

Filename

4076693