Signal Game Analysis between Software Vendors and Third-Party Platforms in Collaborative Disclosure of Network Security Vulnerabilities

Xiong, Qiang; Zhu, Yanyan; Zeng, Zhangying; Yang, Xinqi

doi:10.1155/2023/1027215

Cited by 3 publications

(1 citation statement)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, in addressing such issues, game theory has become the most suitable and preferred approach that is applicable for studying behavior interactions and strategy selection. Xiong et al [ 48 ] constructed a game model considering third-party vulnerability-sharing platforms and found that security researchers’ vulnerability disclosure behaviors are encouraged by establishing a credit system for patch development and improving the punishment mechanism for dishonesty. Xu et al [ 49 ] developed a game model to confirm government punishment mechanisms can facilitate win-win situations for enterprises and consumers in certain scenarios.…”

Section: Literature Reviewmentioning

confidence: 99%

Regulatory mechanism of vulnerability disclosure behavior considering security crowd-testing: An evolutionary game analysis

Zhao,

Yu,

Zhou

2024

PLoS ONE

View full text Add to dashboard Cite

The security crowd-testing regulatory mechanism is a vital means to promote collaborative vulnerability disclosure. However, existing regulatory mechanisms have not considered multi-agent responsibility boundaries and stakeholders’ conflicts of interest, leading to their dysfunction. Distinguishing from previous research on the motivations and constraints of ethical hacks’ vulnerability disclosure behaviors from a legal perspective, this paper constructs an evolutionary game model of SRCs, security researchers, and the government from a managerial perspective to propose regulatory mechanisms promoting tripartite collaborative vulnerability disclosure. The results show that the higher the initial willingness of the three parties to choose the collaborative strategy, the faster the system evolves into a stable state. Regarding the government’s incentive mechanism, establishing reward and punishment mechanisms based on effective thresholds is essential. However, it is worth noting that the government has an incentive to adopt such mechanisms only if it receives sufficient regulatory benefits. To further facilitate collaborative disclosure, Security Response Centers (SRC) should establish incentive mechanisms including punishment and trust mechanisms. Additionally, publicity and training mechanisms for security researchers should be introduced to reduce their revenue from illegal participation, which promotes the healthy development of security crowd-testing. These findings contribute to improving SRCs’ service quality, guiding security researchers’ legal participation, enhancing the government’s regulatory effectiveness, and ultimately establishing a multi-party collaborative vulnerability disclosure system.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Regulatory mechanism of vulnerability disclosure behavior considering security crowd-testing: An evolutionary game analysis

Zhao,

Yu,

Zhou

2024

PLoS ONE

View full text Add to dashboard Cite

show abstract

How Can Credit Supervision Mechanism Improve Security Crowdsourcing Ecosystem Governance: An Evolutionary Game Theory Perspective

Zhao,

Sun

2024

IEEE Access

View full text Add to dashboard Cite

To address the issues of illegal trading vulnerabilities and data leakage among security personnel resulting from the traditional governance in the security crowdsourcing ecosystem, this study introduces a "novel" credit supervision mechanism. By constructing a tripartite evolutionary game model involving the government, security crowdsourcing platforms, and security personnel, we analyze factors and mechanisms influencing the strategic choices of the three entities. The impact of different mechanisms on the system's evolutionary path is explored by numerical simulation. The results show that: 1) enhancing credibility benefits, reducing regulation costs, and strengthening governance efforts of the regulators can promote "good behavior" of the three entities; 2) the security crowdsourcing ecosystem is able to achieve an ideal stable state under certain conditions; 3) the "novel" credit supervision mechanism can be operated effectively based on the credit feedback mechanism; 4)improved collaborative governance effectively restrains security personnel from engaging in the illegal trading of vulnerabilities; 5) the government implementing a reasonable reward and punishment mechanism for platforms is optimal for achieving an ideal stable state. This study provides insights for enhancing the governance system in the security crowdsourcing ecosystem.

show abstract

The impact of regulatory mechanisms on vulnerability disclosure behavior during crowdsourcing cybersecurity testing

Zhao,

Yu,

Zhou

2023

MBE

View full text Add to dashboard Cite

<abstract><p>There are various regulatory mechanisms to coordinate vulnerability disclosure behaviors during crowdsourcing cybersecurity testing. However, in the case of unclear regulatory effectiveness, enterprises cannot obtain sufficient vulnerability information, third-party crowdsourcing cybersecurity testing platforms fail to provide trusted services, and the government lacks strong credibility. We have constructed a tripartite evolutionary game model to analyze the evolutionary process of the equilibrium of {legal disclosure, active operation, strict regulation}, and the paper reveals the impact of three regulatory mechanisms. We find that these participants' positive behaviors are in a stable state. Higher initial willingness accelerates the speed of reaching the evolutionary stability of the system, and this equilibrium is satisfied only if the governmental regulatory benefits are sufficiently high. Regarding the punishment mechanism, increased punishment for enterprises causes them to adopt positive behaviors faster, while the opposite occurs for platforms; increased punishment for platforms drives both participants to adopt positive behaviors faster. Concerning the subsidy mechanism, increased subsidy to enterprises causes them to adopt legal disclosure behaviors faster, while platforms remain unresponsive; increased subsidy to platforms motivates both players to choose their own positive behaviors. In terms of the collaborative disclosure mechanism, excessive collaborative costs reduce the platforms' willingness to operate actively, which decreases the enterprises' incentives to disclose vulnerability legally. These findings guide the government to establish suitable mechanisms to regulate the participants' behavior and promote the healthy development of the cybersecurity crowdsourcing industry.</p></abstract>

show abstract

Signal Game Analysis between Software Vendors and Third-Party Platforms in Collaborative Disclosure of Network Security Vulnerabilities

Cited by 3 publications

References 23 publications

Regulatory mechanism of vulnerability disclosure behavior considering security crowd-testing: An evolutionary game analysis

Regulatory mechanism of vulnerability disclosure behavior considering security crowd-testing: An evolutionary game analysis

How Can Credit Supervision Mechanism Improve Security Crowdsourcing Ecosystem Governance: An Evolutionary Game Theory Perspective

The impact of regulatory mechanisms on vulnerability disclosure behavior during crowdsourcing cybersecurity testing

Contact Info

Product

Resources

About