Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes

@article{Votipka2018HackersVT,
  title={Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes},
  author={Daniel Votipka and Rock Stevens and Elissa M. Redmiles and Jeremy Hu and Michelle L. Mazurek},
  journal={2018 IEEE Symposium on Security and Privacy (SP)},
  year={2018},
  pages={374-391}
}
Identifying security vulnerabilities in software is a critical task that requires significant human effort. Currently, vulnerability discovery is often the responsibility of software testers before release and white-hat hackers (often within bug bounty programs) afterward. This arrangement can be ad-hoc and far from ideal; for example, if testers could identify more vulnerabilities, software would be more secure at release time. Thus far, however, the processes used by each group — and how they… CONTINUE READING

From This Paper

Figures, tables, and topics from this paper.

Citations

Publications citing this paper.

References

Publications referenced by this paper.
Showing 1-10 of 108 references

2016 bug bounty hacker report

Hackerone
Hackerone, Tech. Rep., September 2016. [Online]. Available: https://hackerone.com/blog/bugbounty-hacker-report-2016 • 2016
View 7 Excerpts
Highly Influenced

Hackerone: Vulnerability coordination and bug bounty platform

HackerOne
HackerOne, 2016, (Accessed 02-18-2017). [Online]. Available: http://hackerone.com • 2016
View 6 Excerpts
Highly Influenced

Inside the mind of a hacker

BugCrowd
BugCrowd, 2016, (Accessed 02-18-2017). [Online]. Available: https://pages.bugcrowd.com/insidethe-mind-of-a-hacker-2016 • 2016
View 4 Excerpts
Highly Influenced

An Empirical Study of Vulnerability Rewards Programs

USENIX Security Symposium • 2013
View 5 Excerpts
Highly Influenced

A Stitch in Time: Supporting Android Developers in WritingSecure Code

ACM Conference on Computer and Communications Security • 2017

Americans and cybersecurity

K. Olmstead, A. Smith
Pew Research Center, 2017, (Accessed 07-15-2017). [Online]. Available: http://www.pewinternet.org/2017/01/26/americans-and-cybersecurity/ • 2017
View 1 Excerpt

Similar Papers

Loading similar papers…