2014
DOI: 10.1007/978-3-319-12601-2_4
|View full text |Cite
|
Sign up to set email alerts
|

Strategic Discovery and Sharing of Vulnerabilities in Competitive Environments

Abstract: Abstract. We investigate the incentives behind investments by competing companies in discovery of their security vulnerabilities and sharing of their findings. Specifically, we consider a game between competing firms that utilise a common platform in their systems. The game consists of two stages: firms must decide how much to invest in researching vulnerabilities, and thereafter, how much of their findings to share with their competitors. We fully characterise the Perfect Bayesian Equilibria (PBE) of this gam… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
8
0

Year Published

2015
2015
2022
2022

Publication Types

Select...
5
1
1

Relationship

0
7

Authors

Journals

citations
Cited by 19 publications
(8 citation statements)
references
References 14 publications
0
8
0
Order By: Relevance
“…Let O = {o 1 , ..., on} represent the organizations participating in cybersecurity information sharing. Although various information can be shared among organizations such as raw network logs, attackers techniques, the signature of attacks, and the vulnerabilities' details, in this work, we particularly focus on sharing discovered security vulnerabilities as in [8]. In each sharing cycle, a set of vulnerabilities V = {v 1 , ..., vm} will be detected by the participant organizations.…”
Section: Overview and Problem Statementmentioning
confidence: 99%
See 2 more Smart Citations
“…Let O = {o 1 , ..., on} represent the organizations participating in cybersecurity information sharing. Although various information can be shared among organizations such as raw network logs, attackers techniques, the signature of attacks, and the vulnerabilities' details, in this work, we particularly focus on sharing discovered security vulnerabilities as in [8]. In each sharing cycle, a set of vulnerabilities V = {v 1 , ..., vm} will be detected by the participant organizations.…”
Section: Overview and Problem Statementmentioning
confidence: 99%
“…To facilitate sharing the cybersecurity information, various protocols and standards have been proposed such as TAXII, STIX, and CybOX [14,15]. The cybersecurity information sharing in competitive environments with the game theory approach has been studied in [7,8]. Economic analyses of cybersecurity information sharing and applying incentives for motivation have been studied in [6].…”
Section: Cybersecurity Information Sharingmentioning
confidence: 99%
See 1 more Smart Citation
“…The researches in [12][13] [14][15][2] [16] analyze information sharing in the context of cybersecurity. Those papers show that multiple factors impact cyber threat information sharing including competition [14], free riding [2], interconnection [17], and the possibility to exploit vulnerabilities for cyber war [16]. However, none of those work look into sharing cybersecurity information in cloud computing.…”
Section: Background On Cloud Computing Security and Information Smentioning
confidence: 99%
“…In our past work [18], we present an evolutionary game theoretic model to self-enforce firms toward participating in sharing framework by utilizing the participation cost in a tactical way. The work in [14] uses a two stage Bayesian game to analyze the information sharing decision of two strategic and competing firms. They established that the sharing strategies are unique and dominant, and are in the simple forms of full-sharing or no sharing completely determined by the competitive nature of the security findings.…”
Section: Background On Cloud Computing Security and Information Smentioning
confidence: 99%