A Comparison of Market Approaches to Software Vulnerability Disclosure
| Published in | Emerging Trends in Information and Communication Security pp. 298 - 311 |
|---|---|
| Main Author | Böhme, Rainer |
| Format | Book Chapter |
| Language | English |
| Published | Berlin, Heidelberg: Springer Berlin Heidelberg, 2006 |
| Series | Lecture Notes in Computer Science |
| Subjects | |
| ISBN | 9783540346401 3540346406 |
| ISSN | 0302-9743 1611-3349 |
| DOI | 10.1007/11766155_21 |
| Abstract | Practical computer (in)security is largely driven by the existence of and knowledge about vulnerabilities, which can be exploited to breach security mechanisms. Although the discussion on details of responsible vulnerability disclosure is controversial, there is a sort of consensus that better information sharing is socially beneficial. In the recent years we observe the emerging of “vulnerability markets” as means to stimulate exchange of information. However, this term subsumes a broad range of different concepts, which are prone to confusion. This paper provides a first attempt to structure the field by (1) proposing a terminology for distinct concepts and (2) defining criteria to allow for a better comparability between different approaches. An application of this framework on four market types shows notable differences between the approaches. |
| Author | Böhme, Rainer |
| Author_xml | – sequence: 1 givenname: Rainer surname: Böhme fullname: Böhme, Rainer email: rainer.boehme@tu-dresden.de organization: Institute for System Architecture, Technische Universität Dresden, Dresden, Germany |
| ContentType | Book Chapter |
| Copyright | Springer-Verlag Berlin Heidelberg 2006 |
| Discipline | Computer Science |
| EISBN | 9783540346425 3540346422 |
| EISSN | 1611-3349 |
| Editor | Müller, Günter |
| Editor_xml | – sequence: 1 givenname: Günter surname: Müller fullname: Müller, Günter email: guenter.mueller@iig.uni-freiburg.de |
| EndPage | 311 |
| ISBN | 9783540346401 3540346406 |
| ISSN | 0302-9743 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| PageCount | 14 |
| PublicationCentury | 2000 |
| PublicationDate | 2006 |
| PublicationDateYYYYMMDD | 2006-01-01 |
| PublicationDate_xml | – year: 2006 text: 2006 |
| PublicationDecade | 2000 |
| PublicationPlace | Berlin, Heidelberg |
| PublicationPlace_xml | – name: Berlin, Heidelberg |
| PublicationSeriesTitle | Lecture Notes in Computer Science |
| PublicationSubtitle | International Conference, ETRICS 2006, Freiburg, Germany, June 6-9, 2006. Proceedings |
| PublicationTitle | Emerging Trends in Information and Communication Security |
| PublicationYear | 2006 |
| Publisher | Springer Berlin Heidelberg |
| Publisher_xml | – name: Springer Berlin Heidelberg |
| RelatedPersons | Kleinberg, Jon M. Mattern, Friedemann Nierstrasz, Oscar Tygar, Dough Steffen, Bernhard Kittler, Josef Vardi, Moshe Y. Weikum, Gerhard Sudan, Madhu Naor, Moni Mitchell, John C. Terzopoulos, Demetri Pandu Rangan, C. Kanade, Takeo Hutchison, David |
| RelatedPersons_xml | – sequence: 1 givenname: David surname: Hutchison fullname: Hutchison, David organization: Lancaster University, UK – sequence: 2 givenname: Takeo surname: Kanade fullname: Kanade, Takeo organization: Carnegie Mellon University, Pittsburgh, USA – sequence: 3 givenname: Josef surname: Kittler fullname: Kittler, Josef organization: University of Surrey, Guildford, UK – sequence: 4 givenname: Jon M. surname: Kleinberg fullname: Kleinberg, Jon M. organization: Cornell University, Ithaca, USA – sequence: 5 givenname: Friedemann surname: Mattern fullname: Mattern, Friedemann organization: ETH Zurich, Switzerland – sequence: 6 givenname: John C. surname: Mitchell fullname: Mitchell, John C. organization: Stanford University, CA, USA – sequence: 7 givenname: Moni surname: Naor fullname: Naor, Moni organization: Weizmann Institute of Science, Rehovot, Israel – sequence: 8 givenname: Oscar surname: Nierstrasz fullname: Nierstrasz, Oscar organization: University of Bern, Switzerland – sequence: 9 givenname: C. surname: Pandu Rangan fullname: Pandu Rangan, C. organization: Indian Institute of Technology, Madras, India – sequence: 10 givenname: Bernhard surname: Steffen fullname: Steffen, Bernhard organization: University of Dortmund, Germany – sequence: 11 givenname: Madhu surname: Sudan fullname: Sudan, Madhu organization: Massachusetts Institute of Technology, MA, USA – sequence: 12 givenname: Demetri surname: Terzopoulos fullname: Terzopoulos, Demetri organization: University of California, Los Angeles, USA – sequence: 13 givenname: Dough surname: Tygar fullname: Tygar, Dough organization: University of California, Berkeley, USA – sequence: 14 givenname: Moshe Y. surname: Vardi fullname: Vardi, Moshe Y. organization: Rice University, Houston, USA – sequence: 15 givenname: Gerhard surname: Weikum fullname: Weikum, Gerhard organization: Max-Planck Institute of Computer Science, Saarbruecken, Germany |
| StartPage | 298 |
| SubjectTerms | Computer Security; Information Security; Price Quote; Software Vendor; Trusted Third Party |
| Title | A Comparison of Market Approaches to Software Vulnerability Disclosure |
| URI | http://link.springer.com/10.1007/11766155_21 |