References
- Ablon, L., and A. Bogart. 2017. Zero-days, Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits. Santa Monica: RAND. https://www.rand.org/content/dam/rand/pubs/research_reports/RR1700/RR1751/RAND_RR1751.pdf.
- Ablon, L., M. C. Libicki, and A. A. Golay. 2014. Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar. Santa Monica: RAND. https://www.rand.org/content/dam/rand/pubs/research_reports/RR600/RR610/RAND_RR610.pdf.
- Aitel, D., and M. Tait. 2016. “Everything you Know About the Vulnerability Equities Process is Wrong.” Lawfare, August 18. https://www.lawfareblog.com/everything-you-know-about-vulnerability-equities-process-wrong.
- Andén, P., C. Gnanasambandam, and T. Strålin. 2015. “The Perils of Ignoring Software Development.” McKinsey Quarterly, February 2015. https://www.mckinsey.com/industries/high-tech/our-insights/the-perils-of-ignoring-software-development.
- Bryant, C. 2014. “Companies Eye Lucrative Zero-days Market.” The Financial Times, January 14. https://www.ft.com/content/38fb5608-7d1a-11e3-81dd-00144feabdc0.
- Bugcrowd. 2018. “Surge in Number and Severity of Vulnerabilities Drives Higher Payouts to Crowd in 2018.” Bugcrowd, June 6. https://www.bugcrowd.com/press-release/surge-in-number-and-severity-of-vulnerabilities-drives-higher-payouts-to-crowd-in-2018/.
- Burt, J. 2018. “HP Launches Bug Bounty Program to Discover Security Flaws in Printers.” eWeek, July 31. http://www.eweek.com/security/hp-launches-bug-bounty-program-to-discover-security-flaws-in-printers.
- CEPS (Centre for European Policy Studies). 2018. Software Vulnerability Disclosure in Europe. Brussels: CEPS. https://www.ceps.eu/system/files/CEPS%20TFRonSVD%20with%20cover_0.pdf.
- Childs, D. 2018. “The ZDI 2017 Retrospective.” Zero Day Initiative, January 4. https://www.thezdi.com/blog/2018/1/4/the-zdi-2017-retrospective.
- Constantin, L. 2014. “Russian Gov’t is Willing to Pay for a Way to ID Tor Users.” ComputerWorld, July 25. https://www.computerworld.com/article/2490416/malware-vulnerabilities/russian-gov-t-is-willing-to-pay-for-a-way-to-id-tor-users.html.
- Cox, J. 2017a. “CEO of Company Behind Tor Browser Exploit: ‘I Wanted to Help Take a Person Down’.” Motherboard, February 20. https://motherboard.vice.com/en_us/article/vvxva8/ceo-of-company-behind-tor-browser-exploit.
- Cox, J. 2017b. “Zero Day Exploits Rarely Discovered by More than One Group, Study Finds.” Motherboard, March 9. https://motherboard.vice.com/en_us/article/bmbj38/zero-day-exploits-rarely-discovered-by-more-than-one-group-study-finds.
- Cox, J. 2018. “How a Tiny Startup Became the Most Important Hacking Shop You’ve Never Heard of.” Motherboard, February 7. https://motherboard.vice.com/en_us/article/8xdayg/iphone-zero-days-inside-azimuth-security.
- Dipshan, R. 2018. “The Federal Policy Loophole Supporting the Hacking-for-Hire Market.” Slate, June 20. https://slate.com/technology/2018/06/the-federal-policy-loophole-supporting-the-hacking-for-hire-market.html.
- The Economist. 2013. “The Digital Arms Trade: The Market for Software that Helps Hackers Penetrate Computer Systems.” The Economist, March 30. https://www.economist.com/news/business/21574478-market-software-helps-hackers-penetrate-computer-systems-digital-arms-trade.
- Edwards, J. 2016. “FBI Paid More than $1.3 Million to Break into San Bernardino iPhone.” Reuters, April 21. https://www.reuters.com/article/us-apple-encryption-fbi/fbi-paid-more-than-1-3-million-to-break-into-san-bernardino-iphone-idUSKCN0XI2IB.
- EFF (Electronic Frontier Foundation). 2015. “Navy Solicitation for Common Vulnerability Exploit Products.” https://www.eff.org/document/navy-soliciation-common-vulnerability-exploit-products.
- ENISA (European Union Agency for Network and Information Security). 2018. “Is Software More Vulnerable Today?” ENISA, March 12. https://www.enisa.europa.eu/publications/info-notes/is-software-more-vulnerable-today.
- Farivar, C. 2015. “How a Russian Hacker Made $45,000 Selling a 0-day Flash Exploit to Hacking Team.” Ars Technica, October 7. https://arstechnica.com/information-technology/2015/07/how-a-russian-hacker-made-45000-selling-a-zero-day-flash-exploit-to-hacking-team/.
- Fidler, M. 2015. “Regulating the Zero-Day Vulnerability Trade: A Preliminary Analysis.” I/S: A Journal of Law and Policy for the Information Society 11 (2). https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2706199.
- Frei, S. 2013. “The Known Unknowns: Empirical Analysis of Publicly Unknown Security Vulnerabilities.” NSS Labs. http://www.techzoom.net/Papers/The_Known_Unknowns_(2013).pdf.
- Gartner. 2017. “Gartner Says 8.4 Billion Connected ‘Things’ Will be in use in 2017, up 31 Percent From 2016.” Gartner, February 7. https://www.gartner.com/en/newsroom/press-releases/2017-02-07-gartner-says-8-billion-connected-things-will-be-in-use-in-2017-up-31-percent-from-2016.
- Gibson, M. 2018. “Back to Basics: Why we Need to Encourage More Secure IoT Development.” Trend Micro Blog, August 22. https://blog.trendmicro.com/back-to-basics-why-we-need-to-encourage-more-secure-iot-development/.
- Gilbert, D. 2015. “Who Hacked Hacking Team? Gamma Group Hacker Holds their Hand Up.” International Business Times, July 7. https://www.ibtimes.co.uk/who-hacked-hacking-team-gamma-group-hacker-holds-their-hand-1509662.
- Greenberg, A. 2012. “Shopping for Zero-Days: A Price List for Hackers’ Secret Software Exploits.” Forbes, March 23. https://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/#457841322660.
- Greenberg, A. 2015. “Hackers Claim Million-Dollar Bounty for iOS Zero Day Attack.” Wired, November 2. https://www.wired.com/2015/11/hackers-claim-million-dollar-bounty-for-ios-attack/.
- Griffith, E. 2017. “7 Huge Bug Bounty Payouts.” PCMag, June 9. https://www.pcmag.com/feature/354224/7-huge-bug-bounty-payouts.
- HackerOne. 2017. “5 Hacker-Powered Trends you Need to Know About.” HackerOne, August 2. https://www.hackerone.com/blog/5-hacker-powered-trends-you-need-to-know.
- HackerOne. 2018. “The Hacker-Powered Security Report 2018.” HackerOne. https://www.hackerone.com/sites/default/files/2018-01/2018_Hacker_Report.pdf.
- Herr, T., B. Schneier, and C. Morris. 2017. Taking Stock: Estimating Vulnerability Rediscovery. Harvard: Belfer Center. https://www.belfercenter.org/sites/default/files/files/publication/Vulnerability%20Rediscovery%20%28belfer-revision%29.pdf.
- Kolomychenko, M. 2016a. “Imeyushiy Breshi da Uslyshit.” Kommersant, June 1. https://www.kommersant.ru/doc/3001495.
- Kolomychenko, M. 2016b. “Neuyazvimiye Mstiteli.” Kommersant, October 10. https://www.kommersant.ru/doc/3113551.
- Leswing, K. 2018. “An Elite Google Hacker is Directly Challenging Apple CEO Tim Cook to Donate Over $2 Million to Charity.” Business Insider UK, August 9. http://uk.businessinsider.com/google-hacker-ian-beer-challenges-apple-ceo-tim-cook-to-donate-millions-to-charity-2018-8.
- Libicki, M. C., L. Ablon, and T. Web. 2015. Defender’s Dilemma: Charting a Course Toward Cybersecurity. Santa Monica: RAND. https://www.rand.org/content/dam/rand/pubs/research_reports/RR1000/RR1024/RAND_RR1024.pdf.
- Lippincott, E. 2018. “Zero Day Initiative: A 1H2018 Recap.” Trend Micro Blog, July 9. https://blog.trendmicro.com/zero-day-initiative-a-1h2018-recap/.
- Maurer, S. M. 2017. “A Market-based Approach to Cyber Defense: Buying Zero-day Vulnerabilities.” The Bulletin of Atomic Scientists (Analysis), March 14. https://thebulletin.org/market-based-approach-cyber-defense-buying-zero-day-vulnerabilities10621.
- Mearian, L. 2017. “Android vs iOS Security: Which is Better?” ComputerWorld, August 7. https://www.computerworld.com/article/3213388/mobile-wireless/android-vs-ios-security-which-is-better.html.
- Medium. 2017. “The Hacker-Powered Security Report: Insights from Over 800 Programs.” Medium, June 27. https://medium.com/@Hacker0×01/the-hacker-powered-security-report-insights-from-over-800-programs-16ad7650978a.
- Metz, C. 2015. “Google is 2 Billion Lines of Code – and it’s all in One Place.” Wired, September 16. https://www.wired.com/2015/09/google-2-billion-lines-codeand-one-place/.
- Microsoft. 2017. “Protecting Customers and Evaluating Risk.” Accessed May 1, 2018. https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/.
- Miller, C. 2007. “The Legitimate Vulnerability Market: Inside the Secretive World of 0-day Exploit Sales.” Independent Security Evaluators. http://www.econinfosec.org/archive/weis2007/papers/29.pdf.
- Miller, R. 2018. “Google’s Bug Bounty Programs Paid out Almost $3M in 2017.” TechCrunch, February 7. https://techcrunch.com/2018/02/07/googles-bug-bounty-programs-paid-out-almost-3m-in-2017/.
- Morgan, S. 2016. “World Will Need to Secure 111 Billion Lines of New Software Code in 2017.” CSO Online, December 19. https://www.csoonline.com/article/3151003/application-development/world-will-need-to-secure-111-billion-lines-of-new-software-code-in-2017.html.
- MuckRock. 2013. “Vupen Contracts with the NSA.” https://www.muckrock.com/foi/united-states-of-america-10/vupen-contracts-with-nsa-6593/.
- O’Neill, H. 2017. “Zero Day Exploits are Rarer and More Expensive than Ever, Researchers Say.” Cyberscoop, April 26. https://www.cyberscoop.com/zero-day-vulns-are-rarer-and-more-expensive-than-ever/.
- Rosenblatt, S. 2018. “Bug Bounties have Bugs of their Own.” The Parallax, April 20. https://www.the-parallax.com/2018/04/20/bug-bounties-safe-harbor-rsa-bsides/.
- Segura, J. 2016. “Tor Browser Zero-day Strikes Again.” Malwarebytes blog, November 30. https://blog.malwarebytes.com/threat-analysis/2016/11/tor-browser-zero-day-strikes-again/.
- Staff, T. 2018. “Israel Reached Out to US Hackers for ‘Zero Days’ Tools.” The Times of Israel, March 3. https://www.timesofisrael.com/israel-reached-out-to-us-hackers-for-zero-days-exploits/.
- Sturmer, J. 2017. “Zero-day Exploits: The Big Bug Bounty Emerging Online.” ABC News, March 15. http://www.abc.net.au/news/2017-03-16/zero-day-exploits-bug-bounty-emerging-online/8357824.
- Symantec. 2017. “Internet Security Threat Report” Symantec 22. https://www.symantec.com/content/dam/symantec/docs/reports/istr-22-2017-en.pdf.
- Vedomosti. 2018. “Rossiya Zaplatit Khakeram za Poysk IT-Uyazvimostey.” Vedomosti, January 11. https://www.vedomosti.ru/technology/articles/2018/01/12/747570-rossiya-zaplatit-hakeram.
- WEF (World Economic Forum). 2018. Cyber Resilience Playbook for Public-Private Collaboration. WEF. http://www3.weforum.org/docs/WEF_Cyber_Resilience_Playbook.pdf.
- Whittaker, Z. 2018. “Lawsuits Threaten Infosec Research — Just When we Need it Most.” ZD Net, February 19. https://www.zdnet.com/article/chilling-effect-lawsuits-threaten-security-research-need-it-most/.
- Wilson, A., R. Schulman, K. Bankston, and T. Herr. 2016. Bugs in the System: A Primer on the Software Vulnerability Ecosystem and its Policy Implications. District of Columbia: New America. https://www.newamerica.org/oti/policy-papers/bugs-system/.
- Wired. 2015. “FBI Equity Discussion April 24, 2014.” Uploaded June 23. https://www.wired.com/wp-content/uploads/2015/06/2015.06.23-FBI-Response-PowerPoint-Emails-Zero-Day-FOIA.pdf.
- Wright, R. 2018. “Bugcrowd CTO Explains Crowdsourced Security Benefits and Challenges.” SearchSecurity, August. https://searchsecurity.techtarget.com/feature/Bugcrowd-CTO-explains-crowdsourced-security-benefits-and-challenges.
- Zetter, K. 2015. “Hacking Team Leak Shows how Secretive Zero-Day Exploit Sales Work.” Wired, July 24. https://www.wired.com/2015/07/hacking-team-leak-shows-secretive-zero-day-exploit-sales-work/.