Strengthening DoD Cyber Security with the Vulnerability Market

Authors: Bradley C Panton, John M. Colombi, Michael R. Grimaila, Robert F. Mills
Abstract: In the past decade, the DoD and defense contractors have witnessed an immense theft of intellectual property which originated inside and outside our borders. So how do these thefts occur when the DoD has one of the most secure and defended networks in the world? Every year, the DoD upgrades their IT systems, allows new applications to connect to the network, and reconfigures the enterprise to gain efficiencies. While these actions are often in support of the warfighter and securing…

Road Warriors and Information Systems Security: Risks and Recommendations

This study focuses on the situation in which application software and/or its associated data are "in the cloud," i.e., on the Internet, physically away from the using person or organization, which results in both a loss of control and an increased exposure to Internet risks.

Ethics in cybersecurity research and practice

Examining Acquisition Leaders Readiness to Support Future LandCyber Operations

Abstract: The purpose of this research is to help define the necessary foundation for the acquisition leaders' readiness for LandCyber operations through the next decade. This research examines


  • An Introduction to Cyber Modeling and Simulation
  • 2018

Exploit Derivatives & National Security

It is argued that a statutory safe harbor would allow the creation of a pilot market focused on vulnerabilities in Internet protocol version six, an emerging communications standard that China hopes to deploy throughout its national network before the 2008 Olympics.

Computer Attack and Cyber Terrorism: Vulnerabilities and Policy Issues for Congress

A working definition for the term “cyber terrorism” is presented, plus background information describing how current technology and management processes may leave computers exposed to cyber-attack, and possible effects of a cyber-attack are discussed.

Bug Auctions: Vulnerability Markets Reconsidered

This paper argues that a vulnerability market in which software producers offer a time-variable reward to free-market testers who identify vulnerabilities can best be considered as an auction; auction theory is used to tune the structure of this ‘bug auction’ for efficiency and to better defend against attacks.

Vulnerability Markets: What is the economic value of a zero-day exploit?

This essay introduces the economic perspective on computer security and discusses the advantages and drawbacks of different concepts for vulnerability markets, where security-related information can be traded.

Why information security is hard - an economic perspective

  • Ross J. Anderson
  • Computer Science
    Seventeenth Annual Computer Security Applications Conference
  • 2001
The author puts forward a contrary view: information insecurity is at least as much due to perverse incentives as it is due to technical measures.

Modeling Learningless Vulnerability Discovery using a Folded Distribution

This paper investigates the applicability of a new vulnerability discovery model called Folded, based on the folded normal distribution. The Folded model generally performs better than the AML model in both model fitting and prediction in cases when the learning phase is not present.

Implications of Aggregated DoD Information Systems for Information Assurance Certification and Accreditation

An examination of current policy shows that a number of changes could enable the IA C&A of aggregations of DoD information systems on a common platform.

Auctions in Defense Acquisition: Theory and Experimental Evidence

Abstract: When the Federal Acquisition Rules were rewritten in 1997, the Office of Management and Budget eliminated the prohibition on auctions. The enhanced technology currently available makes

What is Information Assurance

These terms and other basic terms such as information operations and information warfare will be defined and discussed.

Reading Between the Lines: Lessons from the SDMI Challenge

The Secure Digital Music Initiative recently held a challenge to test the strength of four watermarking technologies and two other security technologies; the authors accepted the challenge and explored the inner workings of the technologies.