{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T20:14:52Z","timestamp":1776111292983,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","license":[{"start":{"date-parts":[[2016,10,12]],"date-time":"2016-10-12T00:00:00Z","timestamp":1476230400000},"content-version":"vor","delay-in-days":366,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000183","name":"Army Research Office","doi-asserted-by":"publisher","award":["W911NF-09-1-0525,W911NF-13-1-0421"],"award-info":[{"award-number":["W911NF-09-1-0525,W911NF-13-1-0421"]}],"id":[{"id":"10.13039\/100000183","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1422594"],"award-info":[{"award-number":["CNS-1422594"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2015,10,12]]},"DOI":"10.1145\/2810103.2813704","type":"proceedings-article","created":{"date-parts":[[2015,10,6]],"date-time":"2015-10-06T11:22:12Z","timestamp":1444130532000},"page":"1105-1117","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":62,"title":["An Empirical Study of Web Vulnerability Discovery Ecosystems"],"prefix":"10.1145","author":[{"given":"Mingyi","family":"Zhao","sequence":"first","affiliation":[{"name":"Pennsylvania State University, State College, USA"}]},{"given":"Jens","family":"Grossklags","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, State College, USA"}]},{"given":"Peng","family":"Liu","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, State College, USA"}]}],"member":"320","published-online":{"date-parts":[[2015,10,12]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"OWASP 2013 Top 10. www.owasp.org\/index.php\/Top_10_2013-Top_10."},{"key":"e_1_3_2_1_2_1","volume-title":"www.wooyun.org\/notice.php?action=view&id=28","author":"Updates","year":"2013","unstructured":"Updates on vulnerability handling process. www.wooyun.org\/notice.php?action=view&id=28, 2013."},{"key":"e_1_3_2_1_3_1","volume-title":"NPR","author":"Banks","year":"2014","unstructured":"Banks reluctant to use 'white hat' hackers to spot security flaws. NPR, 2014."},{"key":"e_1_3_2_1_4_1","volume-title":"Facebook","author":"Bug","year":"2014","unstructured":"Bug bounty highlights and updates. Facebook, 2014."},{"key":"e_1_3_2_1_5_1","volume-title":"VentureBeat","author":"How","year":"2014","unstructured":"How Bugcrowd uses crowdsourcing to uncover security flaws faster than the bad guys do (Interview). VentureBeat, 2014."},{"key":"e_1_3_2_1_6_1","volume-title":"White Hat Security","author":"Website","year":"2014","unstructured":"Website security statistics report. White Hat Security, 2014."},{"key":"e_1_3_2_1_7_1","volume-title":"www.sacbee.com\/news\/business\/article5014716.html","author":"CSUS","year":"2015","unstructured":"CSUS student hunts for computer bugs as a 'white hat'. www.sacbee.com\/news\/business\/article5014716.html, 2015."},{"key":"e_1_3_2_1_8_1","volume-title":"https:\/\/hackerone.com\/blog","author":"Improving","year":"2015","unstructured":"Improving signal over 10,000 bugs. https:\/\/hackerone.com\/blog, 2015."},{"key":"e_1_3_2_1_9_1","volume-title":"Reducing vulnerabilities by leveraging expert crowds. security.linkedin.com","author":"LinkedIn's","year":"2015","unstructured":"LinkedIn's private bug bounty program: Reducing vulnerabilities by leveraging expert crowds. security.linkedin.com, 2015."},{"key":"e_1_3_2_1_10_1","volume-title":"www.statisticbrain.com\/small-business-website-statistics\/","author":"Small","year":"2015","unstructured":"Small business website statistics. www.statisticbrain.com\/small-business-website-statistics\/, 2015."},{"key":"e_1_3_2_1_11_1","volume-title":"FTC","author":"Start","year":"2015","unstructured":"Start with security: A guide for business. FTC, 2015."},{"key":"e_1_3_2_1_12_1","volume-title":"BugCrowd","author":"The","year":"2015","unstructured":"The state of bug bounty. BugCrowd, 2015."},{"issue":"3","key":"e_1_3_2_1_13_1","first-page":"71","article-title":"Software vulnerability markets: Discoverers and buyers. International Journal of Computer","volume":"8","author":"Algarni A.","year":"2014","unstructured":"A. Algarni and Y. Malaiya. Software vulnerability markets: Discoverers and buyers. International Journal of Computer, Information Science and Engineering, 8(3):71--81, 2014.","journal-title":"Information Science and Engineering"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/11766155_21"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2665936.2665938"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/1884848.1884858"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-36563-8_14"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2535813.2535818"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2652524.2652533"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.5555\/2534766.2534790"},{"key":"e_1_3_2_1_21_1","volume-title":"Economics of Information Security and Privacy","author":"Frei S.","year":"2009","unstructured":"S. Frei, D. Schatzmann, B. Plattner, and B. Trammell. Modeling the security ecosystem - The dynamics of (in)security. In Economics of Information Security and Privacy, 2009."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1367497.1367526"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-25280-8_11"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1287\/mnsc.1040.0357"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-24174-6_25"},{"issue":"12","key":"e_1_3_2_1_26_1","first-page":"317","article-title":"The frequency distribution of scientific productivity","volume":"16","author":"Lotka A.","year":"1926","unstructured":"A. Lotka. The frequency distribution of scientific productivity. Journal of Washington Academy Sciences, 16(12):317--323, 1926.","journal-title":"Journal of Washington Academy Sciences"},{"key":"e_1_3_2_1_27_1","volume-title":"Bounty launch lessons. medium.com\/@magoo\/bounty-launch-lessons-c7c3be3f5b","author":"McGeehan R.","year":"2015","unstructured":"R. McGeehan and L. Honeywell. Bounty launch lessons. medium.com\/@magoo\/bounty-launch-lessons-c7c3be3f5b, 2015."},{"key":"e_1_3_2_1_28_1","volume-title":"Network World","author":"Messmer E.","year":"2011","unstructured":"E. Messmer. Hacker group defies U.S. law, defends exposing McAfee website vulnerabilities. Network World, 2011."},{"key":"e_1_3_2_1_29_1","volume-title":"Wired","author":"Moussouris K.","year":"2015","unstructured":"K. Moussouris. You need to speak up for internet security. Right now. Wired, 2015."},{"key":"e_1_3_2_1_30_1","volume-title":"Workshop on the Economics of Information Security","author":"Ozment A.","year":"2004","unstructured":"A. Ozment. Bug auctions: Vulnerability markets reconsidered. In Workshop on the Economics of Information Security, 2004."},{"key":"e_1_3_2_1_31_1","volume-title":"Workshop on the Econ. of Information Security","author":"Ozment A.","year":"2005","unstructured":"A. Ozment. The likelihood of vulnerability rediscovery and the social utility of vulnerability hunting. In Workshop on the Econ. of Information Security, 2005."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.5555\/1267336.1267343"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.5555\/1947915.1947933"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.17"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1941487.1941516"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.5555\/2337223.2337314"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660279"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663887.2663906"}],"event":{"name":"CCS'15: The 22nd ACM Conference on Computer and Communications Security","location":"Denver Colorado USA","acronym":"CCS'15","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2810103.2813704","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2810103.2813704","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2810103.2813704","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T09:33:21Z","timestamp":1763458401000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2810103.2813704"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,10,12]]},"references-count":38,"alternative-id":["10.1145\/2810103.2813704","10.1145\/2810103"],"URL":"https:\/\/doi.org\/10.1145\/2810103.2813704","relation":{},"subject":[],"published":{"date-parts":[[2015,10,12]]},"assertion":[{"value":"2015-10-12","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}