Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes

@article{Votipka2018HackersVT,
  title={Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes},
  author={Daniel Votipka and Rock Stevens and Elissa M. Redmiles and Jeremy Hu and Michelle L. Mazurek},
  journal={2018 IEEE Symposium on Security and Privacy (SP)},
  year={2018},
  pages={374-391}
}
Identifying security vulnerabilities in software is a critical task that requires significant human effort. Currently, vulnerability discovery is often the responsibility of software testers before release and white-hat hackers (often within bug bounty programs) afterward. This arrangement can be ad-hoc and far from ideal; for example, if testers could…