An exploratory study of white hat behaviors in a web vulnerability disclosure program

Mingyi Zhao; Jens Grossklags; Kai Chen

doi:10.1145/2663887.2663906

An exploratory study of white hat behaviors in a web vulnerability disclosure program

Mingyi Zhao, Jens Grossklags, Kai Chen

Penn State University Park

Research output: Contribution to journal › Conference article

14 Citations (Scopus)

Abstract

White hats are making significant contributions to cybersecurity by submitting vulnerability discovery reports to public vulnerability disclosure programs and company-initiated vulnerability reward programs. In this paper, we study white hat behaviors by analyzing a 3.5-year dataset which documents the contributions of 3254 white hats and their submitted 16446 Web vulnerability reports. Our dataset is collected from Wooyun, the predominant Web vulnerability disclosure program in China. We first show that Wooyun is continuously attracting new contributors from the white hat community. We then examine white hats' contributions along several dimensions. In particular, we provide evidence about the diversity inside Wooyun's white hat community and discuss the importance of this diversity for vulnerability discovery. Our results suggest that more participation, and thereby more diversity, contributes to higher productivity of the vulnerability discovery process.

Original language	English (US)
Pages (from-to)	51-58
Number of pages	8
Journal	Proceedings of the ACM Conference on Computer and Communications Security
Volume	2014-November
Issue number	November
DOIs	https://doi.org/10.1145/2663887.2663906
State	Published - Nov 7 2014
Event	2014 ACM Workshop on Security Information Workers, SIW 2014 - Co-located with CCS 2014 - Scottsdale, United States Duration: Nov 7 2014 → …

Fingerprint

Productivity

Industry

All Science Journal Classification (ASJC) codes

Software
Computer Networks and Communications

Cite this

Zhao, M., Grossklags, J., & Chen, K. (2014). An exploratory study of white hat behaviors in a web vulnerability disclosure program. Proceedings of the ACM Conference on Computer and Communications Security, 2014-November(November), 51-58. https://doi.org/10.1145/2663887.2663906

Zhao, Mingyi ; Grossklags, Jens ; Chen, Kai. / An exploratory study of white hat behaviors in a web vulnerability disclosure program. In: Proceedings of the ACM Conference on Computer and Communications Security. 2014 ; Vol. 2014-November, No. November. pp. 51-58.

@article{7cc6021589204f8a8093b12efc0dba38,

title = "An exploratory study of white hat behaviors in a web vulnerability disclosure program",

abstract = "White hats are making significant contributions to cybersecurity by submitting vulnerability discovery reports to public vulnerability disclosure programs and company-initiated vulnerability reward programs. In this paper, we study white hat behaviors by analyzing a 3.5-year dataset which documents the contributions of 3254 white hats and their submitted 16446 Web vulnerability reports. Our dataset is collected from Wooyun, the predominant Web vulnerability disclosure program in China. We first show that Wooyun is continuously attracting new contributors from the white hat community. We then examine white hats' contributions along several dimensions. In particular, we provide evidence about the diversity inside Wooyun's white hat community and discuss the importance of this diversity for vulnerability discovery. Our results suggest that more participation, and thereby more diversity, contributes to higher productivity of the vulnerability discovery process.",

author = "Mingyi Zhao and Jens Grossklags and Kai Chen",

year = "2014",

month = "11",

day = "7",

doi = "10.1145/2663887.2663906",

language = "English (US)",

volume = "2014-November",

pages = "51--58",

journal = "Proceedings of the ACM Conference on Computer and Communications Security",

issn = "1543-7221",

publisher = "Association for Computing Machinery (ACM)",

number = "November",

}

Zhao, M, Grossklags, J & Chen, K 2014, 'An exploratory study of white hat behaviors in a web vulnerability disclosure program', Proceedings of the ACM Conference on Computer and Communications Security, vol. 2014-November, no. November, pp. 51-58. https://doi.org/10.1145/2663887.2663906

An exploratory study of white hat behaviors in a web vulnerability disclosure program. / Zhao, Mingyi; Grossklags, Jens; Chen, Kai.

In: Proceedings of the ACM Conference on Computer and Communications Security, Vol. 2014-November, No. November, 07.11.2014, p. 51-58.

Research output: Contribution to journal › Conference article

TY - JOUR

T1 - An exploratory study of white hat behaviors in a web vulnerability disclosure program

AU - Zhao, Mingyi

AU - Grossklags, Jens

AU - Chen, Kai

PY - 2014/11/7

Y1 - 2014/11/7

N2 - White hats are making significant contributions to cybersecurity by submitting vulnerability discovery reports to public vulnerability disclosure programs and company-initiated vulnerability reward programs. In this paper, we study white hat behaviors by analyzing a 3.5-year dataset which documents the contributions of 3254 white hats and their submitted 16446 Web vulnerability reports. Our dataset is collected from Wooyun, the predominant Web vulnerability disclosure program in China. We first show that Wooyun is continuously attracting new contributors from the white hat community. We then examine white hats' contributions along several dimensions. In particular, we provide evidence about the diversity inside Wooyun's white hat community and discuss the importance of this diversity for vulnerability discovery. Our results suggest that more participation, and thereby more diversity, contributes to higher productivity of the vulnerability discovery process.

AB - White hats are making significant contributions to cybersecurity by submitting vulnerability discovery reports to public vulnerability disclosure programs and company-initiated vulnerability reward programs. In this paper, we study white hat behaviors by analyzing a 3.5-year dataset which documents the contributions of 3254 white hats and their submitted 16446 Web vulnerability reports. Our dataset is collected from Wooyun, the predominant Web vulnerability disclosure program in China. We first show that Wooyun is continuously attracting new contributors from the white hat community. We then examine white hats' contributions along several dimensions. In particular, we provide evidence about the diversity inside Wooyun's white hat community and discuss the importance of this diversity for vulnerability discovery. Our results suggest that more participation, and thereby more diversity, contributes to higher productivity of the vulnerability discovery process.

UR - http://www.scopus.com/inward/record.url?scp=84937677217&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84937677217&partnerID=8YFLogxK

U2 - 10.1145/2663887.2663906

DO - 10.1145/2663887.2663906

M3 - Conference article

AN - SCOPUS:84937677217

VL - 2014-November

SP - 51

EP - 58

JO - Proceedings of the ACM Conference on Computer and Communications Security

JF - Proceedings of the ACM Conference on Computer and Communications Security

SN - 1543-7221

IS - November

ER -

Zhao M, Grossklags J, Chen K. An exploratory study of white hat behaviors in a web vulnerability disclosure program. Proceedings of the ACM Conference on Computer and Communications Security. 2014 Nov 7;2014-November(November):51-58. https://doi.org/10.1145/2663887.2663906

Access to Document

10.1145/2663887.2663906