PatrIoT: practical and agile threat research for IoT
Abstract The Internet of things (IoT) products, which have been widely adopted, still pose
challenges in the modern cybersecurity landscape. Many IoT devices are resource …
An empirical study of bug bounty programs
The task of identifying vulnerabilities is commonly outsourced to hackers participating in bug
bounty programs. As of July 2019, bug bounty platforms such as HackerOne have over 200 …
Bug Hunters' Perspectives on the Challenges and Benefits of the Bug Bounty Ecosystem
Although researchers have characterized the bug-bounty ecosystem from the point of view
of platforms and programs, minimal effort has been made to understand the perspectives of …
Vulnerability discovery for all: Experiences of marginalization in vulnerability discovery
Vulnerability discovery is an essential aspect of software security. Currently, the demand for
security experts significantly exceeds the available vulnerability discovery workforce …
Vulnerability disclosure mechanisms: A synthesis and framework for market-based and non-market-based disclosures
Vulnerability disclosure has been a controversial topic among scholars and practitioners.
Most scholars agree on adopting the responsible disclosure practices for vulnerability …
The historical relationship between the software vulnerability lifecycle and vulnerability markets: Security and economic risks
AM Algarni - Computers, 2022 - mdpi.com
Vulnerability lifecycles and the vulnerability markets are related in a manner that can lead to
serious security and economic risks, especially regarding black markets. In the current era …
Productivity and patterns of activity in bug bounty programs: Analysis of HackerOne and Google vulnerability research
D Luna, L Allodi, M Cremonini - … of the 14th International Conference on …, 2019 - dl.acm.org
In this work, we considered two well-known bug bounty programs-HackerOne and Google
Vulnerability Research-with the goal of investigating patterns of activity and comparing …
A case study on software vulnerability coordination
Context: Coordination is a fundamental tenet of software engineering. Coordination is
required also for identifying discovered and disclosed software vulnerabilities with Common …
What's in an Exploit? An Empirical Analysis of Reflected Server XSS Exploitation Techniques
AS Buyukkayhan, C Gemicioglu, T Lauinger… - … on Research in Attacks …, 2020 - usenix.org
Cross-Site Scripting (XSS) is one of the most prevalent vulnerabilities on the Web. While
exploitation techniques are publicly documented, to date there is no study of how frequently …
Bug bounty hunting: A case study of successful vulnerability discovery and disclosure
IE Maulani, R Anggraeni - Devotion: Journal of Research …, 2023 - devotion.greenvest.co.id
This research is a case study on bug bounty hunting as a successful approach to finding and
uncovering vulnerabilities in software. The purpose of this study is to understand the …