The impact of regulatory mechanisms on vulnerability disclosure behavior during crowdsourcing cybersecurity testing

Abstract: <abstract><p>There are various regulatory mechanisms to coordinate vulnerability disclosure behaviors during crowdsourcing cybersecurity testing. However, in the case of unclear regulatory effectiveness, enterprises cannot obtain sufficient vulnerability information, third-party crowdsourcing cybersecurity testing platforms fail to provide trusted services, and the government lacks strong credibility. We have constructed a tripartite evolutionary game model to analyze the evolutionary process of th… Show more

“…Chen et al [ 50 ] constructed a similar evolutionary game model for government subsidies, which also concluded that excessive government subsidies are detrimental to reaching the system’s steady state. Thirdly, in terms of the government’s incentive mechanisms for security researchers, different from the findings of Zhao et al [ 56 ], we find that compared to incentive mechanisms for SRCs, the government’s increasing punishments for security researchers are more effective, which can encourage SRCs to adopt cooperative strategies by regulating security researchers’ behaviors. Fourthly, in terms of SRCs’ incentive mechanisms for security researchers, while SRCs’ increasing punishments for security researchers may decelerate the government reaching a stable state, it can compensate for the government’s deficiencies in sole regulation by forming a society-wide co-regulatory system as mentioned by Chen et al [ 53 ], but excessive punishments should be avoided.…”

“…With reference to the parameter setting method of Liu et al [ 54 ], the parameter values in this study are mainly determined by two methods. Firstly, based on real cases and literature references, we refer to parameter values and research results from Walshe et al [ 55 ] and Zhao et al [ 56 ], setting: P 1 = 20, P 2 = 50, C 2 = 20, L 1 = 60, L 3 = 100. Based on the policy text analysis of the “Cyber Security Law of the People’s Republic of China”, setting: R = 100, C 3 = 50, A = 20, K 1 = 15, K 2 = 35.…”

Regulatory mechanism of vulnerability disclosure behavior considering security crowd-testing: An evolutionary game analysis

“…Chen et al [ 50 ] constructed a similar evolutionary game model for government subsidies, which also concluded that excessive government subsidies are detrimental to reaching the system’s steady state. Thirdly, in terms of the government’s incentive mechanisms for security researchers, different from the findings of Zhao et al [ 56 ], we find that compared to incentive mechanisms for SRCs, the government’s increasing punishments for security researchers are more effective, which can encourage SRCs to adopt cooperative strategies by regulating security researchers’ behaviors. Fourthly, in terms of SRCs’ incentive mechanisms for security researchers, while SRCs’ increasing punishments for security researchers may decelerate the government reaching a stable state, it can compensate for the government’s deficiencies in sole regulation by forming a society-wide co-regulatory system as mentioned by Chen et al [ 53 ], but excessive punishments should be avoided.…”

“…With reference to the parameter setting method of Liu et al [ 54 ], the parameter values in this study are mainly determined by two methods. Firstly, based on real cases and literature references, we refer to parameter values and research results from Walshe et al [ 55 ] and Zhao et al [ 56 ], setting: P 1 = 20, P 2 = 50, C 2 = 20, L 1 = 60, L 3 = 100. Based on the policy text analysis of the “Cyber Security Law of the People’s Republic of China”, setting: R = 100, C 3 = 50, A = 20, K 1 = 15, K 2 = 35.…”

Regulatory mechanism of vulnerability disclosure behavior considering security crowd-testing: An evolutionary game analysis