| The formation reasons of software vulnerability market have been analyzed from economics at first, constructing the game model based on behaviors of the market major participants. Also, aiming at software release time and the number of vulnerabilities, a model which is based on maximizing the profit function has been set up for getting the equilibrium value on the two parameters and then the open vulnerabilities market model has also been improved. The main work can be described as three points below:1. By analysis of formation reasons of software vulnerabilities, market structure and behaviors of the market major participants, the game model has been constructed between the software release time and the number of vulnerabilities and optimal equilibrium has been equated.2. By analyzing the marketing structure of software vulnerabilities, an improved pattern has been advanced based on the competition mechanism between the hackers and testers, considering the defect where the hackers'profit function by attacking the software users through exploiting bugs in the current software bugs information market is inadequate. And then, the result has been received that how the network security workers investment in optimal level for preventing attackers effectively. The regulative relationship between optimal investment and cost-benefit is simulated and gained by matlab and finally concluded, preparing for the gain of incentive mechanism construction.3. When vulnerabilities information is found, software vulnerability patch management strategy has been introduced, which considers mainly on proportion of patch download that fixes flaws from software user's point of view, discussing software pricing, patching costs, as well as influence of the consumer decision-making by attacking losses in order to encourage users. This research will provide good reference in the monitoring and management of the software bugs information market and the information security regarding to vulnerability more effectively. |
PDF Full Text Request