A Comparison of Market Approaches to Software Vulnerability Disclosure

  • Rainer Böhme
Conference paper

DOI: 10.1007/11766155_21

Part of the Lecture Notes in Computer Science book series (LNCS, volume 3995)
Cite this paper as:
Böhme R. (2006) A Comparison of Market Approaches to Software Vulnerability Disclosure. In: Müller G. (eds) Emerging Trends in Information and Communication Security. Lecture Notes in Computer Science, vol 3995. Springer, Berlin, Heidelberg


Practical computer (in)security is largely driven by the existence of and knowledge about vulnerabilities, which can be exploited to breach security mechanisms. Although the details of responsible vulnerability disclosure remain controversial, there is a rough consensus that better information sharing is socially beneficial. In recent years we have observed the emergence of “vulnerability markets” as a means to stimulate the exchange of information. However, this term subsumes a broad range of different concepts, which are prone to confusion. This paper provides a first attempt to structure the field by (1) proposing a terminology for distinct concepts and (2) defining criteria to allow for better comparability between different approaches. Applying this framework to four market types shows notable differences between the approaches.



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Rainer Böhme (1)
  1. Institute for System Architecture, Technische Universität Dresden, Dresden, Germany
