摘要: 针对软件漏洞信息市场理论模型中黑客利用漏洞信息攻击软件使用者的收益函数不够完善的缺陷,提出基于黑客与软件测试者之间竞争机制的一个改进模型,分析黑客与各市场参与者发现软件漏洞信息的概率与最优投入水平。测试结果表明,软件漏洞测试者和黑客的投入水平分别由中介商对软件测试者激励的大小和对软件使用者索价的高低所决定。此项研究为实现更有效的软件漏洞市场监控和管理提供有益的参考。
关键词:
信息安全,
软件漏洞,
激励机制
Abstract: Considering the faultiness of the hackers’ profit function by attacking the software users through exploiting bugs in the current software bugs information market, an improved pattern is advanced based on the competition mechanism between the hackers and testers, the hackers and the other participant’s detection probability of software bugs and their optimal investment level are analyzed. Test results show that the efforts of hacker and tester are determined by intermediaries’ incentives to the tester and the charge to the users respectively. This research gives a good reference in the monitoring and management of the software bugs information market more effectively.
Key words:
information security,
software bugs,
incentive mechanism
中图分类号:
曾霞, 周四清. 软件漏洞发现概率及最优投入水平的研究[J]. 计算机工程, 2010, 36(12): 173-175.
CENG Xia, ZHOU Si-Qing. Research on Probability of Software Bugs Detection and Optimal Investment Level[J]. Computer Engineering, 2010, 36(12): 173-175.