{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T10:10:23Z","timestamp":1740132623725,"version":"3.37.3"},"reference-count":52,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"12","license":[{"start":{"date-parts":[[2019,12,1]],"date-time":"2019-12-01T00:00:00Z","timestamp":1575158400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2019,12,1]],"date-time":"2019-12-01T00:00:00Z","timestamp":1575158400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-009"},{"start":{"date-parts":[[2019,12,1]],"date-time":"2019-12-01T00:00:00Z","timestamp":1575158400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-001"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computer"],"published-print":{"date-parts":[[2019,12]]},"DOI":"10.1109\/mc.2019.2936635","type":"journal-article","created":{"date-parts":[[2019,11,21]],"date-time":"2019-11-21T21:12:37Z","timestamp":1574370757000},"page":"83-88","source":"Crossref","is-referenced-by-count":2,"title":["Moral Hazards in Cyber Vulnerability Markets"],"prefix":"10.1109","volume":"52","author":[{"given":"Alex","family":"Hoffman","sequence":"first","affiliation":[{"name":"University of Nevada, Las Vegas, Nevada United States"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9451-1527","authenticated-orcid":false,"given":"Hal","family":"Berghel","sequence":"additional","affiliation":[{"name":"Computer Science, University of Nevada, Las Vegas, United States"}]}],"member":"263","reference":[{"key":"ref39","article-title":"Hacks raise fear over N.S.A.’s hold on cyberweapons","author":"perlroth","year":"2017","journal-title":"NY Times"},{"journal-title":"United Airlines showers air miles on bug bounty researchers","year":"2015","author":"osborne","key":"ref38"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2016.12"},{"key":"ref32","article-title":"Teenage hacker makes $1m from bug-bounty rewards","author":"hopping","year":"2019","journal-title":"IT Pro"},{"journal-title":"Bug bounty - hacker powered security testing","year":"0","key":"ref31"},{"journal-title":"Snapchat","year":"0","key":"ref30"},{"key":"ref37","article-title":"Facebook, under scrutiny, pays out largest bug bounty yet","author":"newman","year":"2018","journal-title":"Wired"},{"journal-title":"Microsoft bounty program updates Faster bounty review faster payments and higher rewards","year":"2019","key":"ref36"},{"key":"ref35","article-title":"Bounties mount for bugs","author":"marks","year":"2018","journal-title":"Commun ACM"},{"journal-title":"Liberty and security in a changing world Report and recommendations of The President’s Review Group on Intelligence and Communications Technologies","year":"2013","author":"clarke","key":"ref34"},{"key":"ref28","article-title":"Now there’s a bug bounty program for the whole internet","author":"goodin","year":"2013","journal-title":"ARS Technica"},{"key":"ref27","article-title":"Wanted: Zeroday exploit prices are higher than ever, especially for iOS and messaging apps","author":"goodin","year":"2019","journal-title":"ARS Technica"},{"key":"ref29","article-title":"Meet the hackers who sell spies the tools to crack your PC (and get paid six-figure fees)","author":"greenberg","year":"2012","journal-title":"Forbes"},{"journal-title":"Everything you know about the vulnerability equities process is wrong","year":"2016","author":"aitel","key":"ref2"},{"journal-title":"ACM Code of Ethics and Professional Conduct","year":"2018","key":"ref1"},{"journal-title":"Black market for zero day vulnerabilities still thriving","year":"2008","author":"danchev","key":"ref20"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/ICITST.2015.7412073"},{"journal-title":"No you really can’t","year":"2008","author":"davidson","key":"ref21"},{"journal-title":"Capabilities Detect the undetectable – zero-day subscription","year":"0","key":"ref24"},{"year":"0","key":"ref23"},{"journal-title":"Confirmed Hacking tool leak came from ‘omnipotent’ NSA-tied group","year":"2016","author":"goodin","key":"ref26"},{"journal-title":"The history of bug bounty programs","year":"2014","author":"friis-jensen","key":"ref25"},{"journal-title":"Our exploit acquisition program","year":"0","key":"ref50"},{"journal-title":"The equation giveaway","year":"2016","key":"ref51"},{"journal-title":"Equation Group Questions and Answers","year":"2015","key":"ref52"},{"journal-title":"Bugcrowd cybersecurity platform","year":"0","key":"ref10"},{"journal-title":"The most trusted crowdsourced security company","year":"0","key":"ref11"},{"key":"ref40","article-title":"HackerOne connects hackers with companies, and hopes for a win-win","author":"perlroth","year":"2015","journal-title":"NY Times"},{"journal-title":"Getting started with Bugcrowd | FAQs","year":"0","key":"ref12"},{"journal-title":"Bad Blood Secrets and Lies in a Silicon Valley Startup","year":"2018","author":"carreyrou","key":"ref13"},{"journal-title":"Cobalt application security platform","year":"0","key":"ref14"},{"journal-title":"Microsoft and Google are paying more than ever to those who find bugs in their systems","year":"2017","author":"coppock","key":"ref15"},{"journal-title":"Bugcrowd","year":"0","key":"ref16"},{"journal-title":"Cobalt (Cobalt io)","year":"0","key":"ref17"},{"journal-title":"HackerOne","year":"0","key":"ref18"},{"key":"ref19","article-title":"Hackers tap into ‘grey market’ for legal bug sales","author":"curtis","year":"2015","journal-title":"Telegraphy"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/1330311.1330315"},{"journal-title":"The first rule of zero-days is no one talks about zero days (so we’ll explain)","year":"2015","author":"anthony","key":"ref3"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382284"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2014.40"},{"journal-title":"Microsoft pays $100K for new exploit technique patches IE 0-day","year":"2013","author":"bright","key":"ref8"},{"key":"ref7","article-title":"Duane ‘Dog’ Chapman arrested","author":"bonawitz","year":"2006","journal-title":"CBS News"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00003"},{"journal-title":"Netflix","year":"0","key":"ref9"},{"journal-title":"The importance of bug bounty programs","year":"2018","key":"ref46"},{"key":"ref45","article-title":"Who are the shadow brokers?","author":"schneier","year":"2017","journal-title":"The Atlantic"},{"journal-title":"Microsoft Our bug bounty payouts hit $2m in 2018 and we’re offering more in 2019","year":"2019","author":"tung","key":"ref48"},{"year":"0","key":"ref47"},{"key":"ref42","article-title":"FBI senior IT official: Bug bounties still useful, but ‘a little over-hyped’","author":"heckman","year":"2019","journal-title":"Federal News Network"},{"journal-title":"Product vulnerability disclosure reporting","year":"0","key":"ref41"},{"key":"ref44","article-title":"Should U.S. hackers fix cybersecurity holes or exploit them?","author":"schneier","year":"2014","journal-title":"The Atlantic"},{"journal-title":"Google has paid security researchers over $15 million for bug bounties $3 4 million in 2018 alone","year":"2019","author":"protalinski","key":"ref43"}],"container-title":["Computer"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/2\/8909909\/08909925.pdf?arnumber=8909925","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,13]],"date-time":"2022-07-13T21:14:45Z","timestamp":1657746885000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8909925\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,12]]},"references-count":52,"journal-issue":{"issue":"12"},"URL":"https:\/\/doi.org\/10.1109\/mc.2019.2936635","relation":{},"ISSN":["0018-9162","1558-0814"],"issn-type":[{"type":"print","value":"0018-9162"},{"type":"electronic","value":"1558-0814"}],"subject":[],"published":{"date-parts":[[2019,12]]}}}