Bug Auctions : Vulnerability Markets Reconsidered

Andy Ozment
Measuring software security is difficult and inexact; as a result, the market for secure software has been compared to a ‘market of lemons.’ Schechter has proposed a vulnerability market in which software producers offer a time-variable reward to free-market testers who identify vulnerabilities. This vulnerability market can be used to improve testing and to create a relative metric of product security. This paper argues that such a market can best be considered as an auction; auction theory is…
This paper has 101 citations.

Publications citing this paper.
Showing 1-10 of 62 extracted citations

Harnessing Uncertainty in Vulnerability Market

2018 27th International Conference on Computer Communication and Networks (ICCCN) • 2018

Economic Factors of Vulnerability Trade and Exploitation

ACM Conference on Computer and Communications Security • 2017

Semantic Scholar estimates that this publication has 101 citations based on the available data.



Publications referenced by this paper.
Showing 1-10 of 28 references

A survey of auction theory

Paul Klemperer

A survey of auction theory. In Paul Klemperer, editor, Auctions: Theory and Practice, chapter 1A

Paul Klemperer

Code that can’t be cracked

M. Corey Goldman
The Star, January • 2004

Quantitatively differentiating system security

Stuart Schechter
In Workshop on Economics and Information Security • 2002
