Systematically understanding the cyber attack business: A survey
Cyber attacks are increasingly menacing businesses. Based on the literature review and
publicly available reports, this article conducts an extensive and consistent survey of the …
Closing the AI accountability gap: Defining an end-to-end framework for internal algorithmic auditing
Rising concern for the societal implications of artificial intelligence systems has inspired a
wave of academic and journalistic literature in which deployed systems are audited for harm …
Strategic aspects of cyber risk information sharing
Cyber risk management largely reduces to a race for information between defenders of ICT
systems and attackers. Defenders can gain advantage in this race by sharing cyber risk …
Hackers vs. testers: A comparison of software vulnerability discovery processes
Identifying security vulnerabilities in software is a critical task that requires significant human
effort. Currently, vulnerability discovery is often the responsibility of software testers before …
On the impact of security vulnerabilities in the npm and RubyGems dependency networks
The increasing interest in open source software has led to the emergence of large language-
specific package distributions of reusable software libraries, such as npm and RubyGems …
[BOOK][B] Zero days, thousands of nights: The life and times of zero-day vulnerabilities and their exploits
L Ablon, A Bogart - 2017 - books.google.com
Zero-day vulnerabilities—software vulnerabilities for which no patch or fix has been publicly
released—and their exploits are useful in cyber operations, as well as in defensive and …
Bug Hunters' Perspectives on the Challenges and Benefits of the Bug Bounty Ecosystem
Although researchers have characterized the bug-bounty ecosystem from the point of view
of platforms and programs, minimal effort has been made to understand the perspectives of …
"You've got your nice list of bugs, now what?" vulnerability discovery and management processes in the wild
Organizational security teams have begun to specialize, and as a result, the existence of
red, blue, and purple teams have been used as signals for an organization's security …
Can financial incentives help with the struggle for security policy compliance?
S Goel, KJ Williams, J Huang, M Warkentin - Information & management, 2021 - Elsevier
This study examined the effects of financial incentives on security policy compliance.
Participants were recruited for a computerized in-basket job simulation and randomly …
[HTML] Knowledge absorption for cyber-security: The role of human beliefs
We investigate how human beliefs are associated with the absorption of specialist
knowledge that is required to produce cyber-security. We ground our theorizing in the …