TY - GEN
T1 - An exploratory study of white hat behaviors in a web vulnerability disclosure program
AU - Zhao, Mingyi
AU - Grossklags, Jens
AU - Chen, Kai
N1 - Publisher Copyright:
Copyright © 2014 by the Association for Computing Machinery, Inc. (ACM).
PY - 2014/11/7
Y1 - 2014/11/7
N2 - White hats are making significant contributions to cybersecurity by submitting vulnerability discovery reports to public vulnerability disclosure programs and company-initiated vulnerability reward programs. In this paper, we study white hat behaviors by analyzing a 3.5-year dataset which documents the contributions of 3254 white hats and their submitted 16446 Web vulnerability reports. Our dataset is collected from Wooyun, the predominant Web vulnerability disclosure program in China. We first show that Wooyun is continuously attracting new contributors from the white hat community. We then examine white hats' contributions along several dimensions. In particular, we provide evidence about the diversity inside Wooyun's white hat community and discuss the importance of this diversity for vulnerability discovery. Our results suggest that more participation, and thereby more diversity, contributes to higher productivity of the vulnerability discovery process.
UR - http://www.scopus.com/inward/record.url?scp=84937677217&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84937677217&partnerID=8YFLogxK
U2 - 10.1145/2663887.2663906
DO - 10.1145/2663887.2663906
M3 - Conference contribution
AN - SCOPUS:84937677217
SN - 9781450331524
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 51
EP - 58
BT - SIW 2014 - Proceedings of the 2014 ACM Workshop on Security Information Workers, Co-located with CCS 2014
PB - Association for Computing Machinery
T2 - 2014 ACM Workshop on Security Information Workers, SIW 2014 - Co-located with CCS 2014
Y2 - 7 November 2014
ER -