Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes

@article{Votipka2018HackersVT,
  title={Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes},
  author={Daniel Votipka and Rock Stevens and Elissa M. Redmiles and Jeremy Hu and Michelle L. Mazurek},
  journal={2018 IEEE Symposium on Security and Privacy (SP)},
  year={2018},
  pages={374-391}
}
Identifying security vulnerabilities in software is a critical task that requires significant human effort. Currently, vulnerability discovery is often the responsibility of software testers before release and white-hat hackers (often within bug bounty programs) afterward. This arrangement can be ad-hoc and far from ideal; for example, if testers could identify more vulnerabilities, software would be more secure at release time. Thus far, however, the processes used by each group — and how they…


