An exploratory study of white hat behaviors in a web vulnerability disclosure program

Mingyi Zhao, Jens Grossklags, Kai Chen

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

36 Scopus citations

Abstract

White hats are making significant contributions to cybersecurity by submitting vulnerability discovery reports to public vulnerability disclosure programs and company-initiated vulnerability reward programs. In this paper, we study white hat behaviors by analyzing a 3.5-year dataset which documents the contributions of 3254 white hats and their submitted 16446 Web vulnerability reports. Our dataset is collected from Wooyun, the predominant Web vulnerability disclosure program in China. We first show that Wooyun is continuously attracting new contributors from the white hat community. We then examine white hats' contributions along several dimensions. In particular, we provide evidence about the diversity inside Wooyun's white hat community and discuss the importance of this diversity for vulnerability discovery. Our results suggest that more participation, and thereby more diversity, contributes to higher productivity of the vulnerability discovery process.

Original languageEnglish
Title of host publicationSIW 2014 - Proceedings of the 2014 ACM Workshop on Security Information Workers, Co-located with CCS 2014
PublisherAssociation for Computing Machinery
Pages51-58
Number of pages8
EditionNovember
ISBN (Print)9781450331524
DOIs
StatePublished - 7 Nov 2014
Externally publishedYes
Event2014 ACM Workshop on Security Information Workers, SIW 2014 - Co-located with CCS 2014 - Scottsdale, United States
Duration: 7 Nov 2014 → …

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
NumberNovember
Volume2014-November
ISSN (Print)1543-7221

Conference

Conference2014 ACM Workshop on Security Information Workers, SIW 2014 - Co-located with CCS 2014
Country/TerritoryUnited States
CityScottsdale
Period7/11/14 → …

Keywords

  • Behavior
  • Vulnerability disclosure
  • Vulnerability discovery

Fingerprint

Dive into the research topics of 'An exploratory study of white hat behaviors in a web vulnerability disclosure program'. Together they form a unique fingerprint.

Cite this