{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,7]],"date-time":"2025-11-07T13:27:53Z","timestamp":1762522073904,"version":"3.40.3"},"publisher-location":"Cham","reference-count":25,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319687100"},{"type":"electronic","value":"9783319687117"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-68711-7_8","type":"book-chapter","created":{"date-parts":[[2017,10,4]],"date-time":"2017-10-04T04:23:40Z","timestamp":1507091020000},"page":"131-150","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["The U.S. Vulnerabilities Equities Process: An Economic Perspective"],"prefix":"10.1007","author":[{"given":"Tristan","family":"Caulfield","sequence":"first","affiliation":[]},{"given":"Christos","family":"Ioannidis","sequence":"additional","affiliation":[]},{"given":"David","family":"Pym","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,10,4]]},"reference":[{"key":"8_CR1","doi-asserted-by":"crossref","DOI":"10.7249\/RR1751","volume-title":"Zero Days, Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits","author":"L Ablon","year":"2017","unstructured":"Ablon, L., Bogart, T.: Zero Days, Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits. 
RAND Corporation publication, Santa Monica (2017)"},{"key":"8_CR2","unstructured":"Beres, Y., Griffin, J., Shiu, S.: Security analytics: Analysis of security policies for vulnerability management. Technical report HPL-2008-121, HP Labs (2008)"},{"key":"8_CR3","unstructured":"Budington, B., Crocker, A.: NSA\u2019s failure to report shadow broker vulnerabilities underscores need for oversight, September 2016. \n                      https:\/\/www.eff.org\/deeplinks\/2016\/09\/nsas-failure-report-shadow-broker-vulnerabilities-underscores-need-oversight"},{"key":"8_CR4","unstructured":"Commercial and government information technology and industrial control product or system vulnerabilities equities policy and process. \n                      https:\/\/www.eff.org\/files\/2015\/09\/04\/document_71_-_vep_ocr.pdf"},{"key":"8_CR5","unstructured":"Daniel, M.: Heartbleed: understanding when we disclose cyber vulnerabilities, April 2014. \n                      https:\/\/obamawhitehouse.archives.gov\/blog\/2014\/04\/28\/heartbleed-understanding-when-we-disclose-cyber-vulnerabilities"},{"key":"8_CR6","unstructured":"Dixon-Thayer, D.: Improving government disclosure of security vulnerabilities, September 2016. \n                      https:\/\/blog.mozilla.org\/netpolicy\/2016\/09\/19\/improving-government-disclosure-of-security-vulnerabilities\/"},{"key":"8_CR7","unstructured":"Fidler, M., Herr, T.: PATCH: debating codification of the VEP, May 2017. \n                      https:\/\/lawfareblog.com\/patch-debating-codification-vep"},{"key":"8_CR8","unstructured":"Greenberg, A.: Shopping for zero-days: a price list for hackers\u2019 secret software exploits, March 2012. \n                      https:\/\/www.forbes.com\/sites\/andygreenberg\/2012\/03\/23\/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits\/"},{"key":"8_CR9","unstructured":"Healey, J.: The U.S. Government and Zero-Day Vulnerabilities: From Pre-Heartbleed to Shadow Brokers. J. Int. Aff. 
(2016). \n                      https:\/\/jia.sipa.columbia.edu\/online-articles\/healey_vulnerability_equities_process"},{"key":"8_CR10","doi-asserted-by":"crossref","unstructured":"Herr, T., Schneier, B., Morris, C., Stock, T.: Estimating vulnerability rediscovery, March 2017. \n                      https:\/\/ssrn.com\/abstract=2928758","DOI":"10.2139\/ssrn.2928758"},{"key":"8_CR11","unstructured":"Menn, J., Walcott, J.: Exclusive: Probe of leaked U.S. NSA hacking tools examines operative\u2019s \u2018mistake\u2019, September 2016. \n                      http:\/\/www.reuters.com\/article\/us-cyber-nsa-tools-idUSKCN11S2MF"},{"key":"8_CR12","unstructured":"Miller, C.: The legitimate vulnerability market: Inside the secretive world of 0-day exploit sales. In: Sixth Workshop on the Economics of Information Security (2007)"},{"key":"8_CR13","unstructured":"Nakashima, E., Timberg, C.: NSA officials worried about the day its potent hacking tool would get loose. Then it did, May 2017. \n                      https:\/\/www.washingtonpost.com\/business\/technology\/nsa-officials-worried-about-the-day-its-potent-hacking-tool-would-get-loose-then-it-did\/2017\/05\/16\/50670b16-3978-11e7-a058-ddbb23c75d82_story.html"},{"key":"8_CR14","unstructured":"National Security Policy Directive 54. \n                      https:\/\/fas.org\/irp\/offdocs\/nspd\/nspd-54.pdf"},{"key":"8_CR15","unstructured":"ODNI Public Affairs Office. Statement on bloomberg news story that NSA knew about the \u201cHeartbleed bug\u201d flaw and regularly used it to gather critical intelligence, April 2014. \n                      https:\/\/icontherecord.tumblr.com\/post\/82416436703\/statement-on-bloomberg-news-story-that-nsa-knew"},{"key":"8_CR16","unstructured":"Ozment, A.: The likelihood of vulnerability rediscovery and the social utility of vulnerability hunting. 
In: Workshop on Economics and Information Security (2005)"},{"key":"8_CR17","unstructured":"Peterson, A.: Why everyone is left less secure when the NSA doesn\u2019t help fix security flaws, October 2013. \n                      https:\/\/www.washingtonpost.com\/news\/the-switch\/wp\/2013\/10\/04\/why-everyone-is-left-less-secure-when-the-nsa-doesnt-help-fix-security-flaws\/"},{"key":"8_CR18","unstructured":"Riley, M.: NSA said to have used heartbleed bug, exposing consumers, April 2014. \n                      https:\/\/www.bloomberg.com\/news\/articles\/2014-04-11\/nsa-said-to-have-used-heartbleed-bug-exposing-consumers"},{"key":"8_CR19","unstructured":"Sanger, D.E.: Obama lets N.S.A. exploit some internet flaws, officials say, April 2014. \n                      https:\/\/www.nytimes.com\/2014\/04\/13\/us\/politics\/obama-lets-nsa-exploit-some-internet-flaws-officials-say.html?_r=1"},{"key":"8_CR20","unstructured":"Schneier, B.: Managed security monitoring: Closing the window of exposure (2000). \n                      http:\/\/www.keystoneisit.com\/window.pdf"},{"key":"8_CR21","unstructured":"Schneier, B.: Simultaneous discovery of vulnerabilities, February 2016. \n                      https:\/\/www.schneier.com\/blog\/archives\/2016\/02\/simultaneous_di.html"},{"key":"8_CR22","unstructured":"Schneier, B.: The Vulnerabilities market and the future of security, June 2012. \n                      https:\/\/www.schneier.com\/blog\/archives\/2012\/06\/the_vulnerabili.html"},{"key":"8_CR23","unstructured":"Schneier, B.: WannaCry and Vulnerabilities. June 2017. \n                      https:\/\/www.schneier.com\/blog\/archives\/2017\/06\/wannacry_and_vu.html"},{"key":"8_CR24","unstructured":"Schwartz, A., Knake, R.: Government\u2019s Role in Vulnerability Disclosure, June 2016. 
\n                      http:\/\/www.belfercenter.org\/publication\/governments-role-vulnerability-disclosure-creating-permanent-and-accountable"},{"key":"8_CR25","unstructured":"Zerodium: How to sell your 0day exploit to ZERODIUM, March 2017. \n                      https:\/\/zerodium.com\/program.html"}],"container-title":["Lecture Notes in Computer Science","Decision and Game Theory for Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-68711-7_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,20]],"date-time":"2019-05-20T02:54:33Z","timestamp":1558320873000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-68711-7_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319687100","9783319687117"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-68711-7_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"4 October 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"GameSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Decision and Game Theory for Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Vienna","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Austria","order":4,"name":"conference_country","label":"Conference 
Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 October 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 October 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"gamesec2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.gamesec-conf.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}