Abstract
Vulnerability disclosure is a key topic in cybersecurity. It is a practice ensuring that organizations address and fix vulnerabilities before bad actors can find and exploit them. This study focuses on the “disclose or exploit” dilemma. It presents a two-player non-zero-sum simultaneous cyber-security game between a hacker and an organization at multiple rounds. The vulnerabilities classified as high, medium, and low are based on a Common Vulnerability Scoring System (CVSS). The hacker can decide to act separately or to collaborate with the organization. Subsequently, the organization chooses to operate individually or cooperate with the hacker. The organization also has a budget limit to patch the vulnerabilities. The paper developed an algorithm to determine the Nash equilibria of the game and conducted a numerical analysis. It found that maximum cooperation occurred at the beginning of the game when both the organization and the hacker decided to cooperate.
| Original language | English |
|---|---|
| Article number | 100073 |
| Journal | International Journal of Information Management Data Insights |
| Volume | 2 |
| Issue number | 1 |
| DOIs | |
| State | Published - 1 Apr 2022 |
| Externally published | Yes |
ASJC Scopus subject areas
- Management Information Systems
- Information Systems
- Industrial and Manufacturing Engineering
- Library and Information Sciences
- Information Systems and Management
- Artificial Intelligence
Fingerprint
Dive into the research topics of 'Collaboration or separation maximizing the partnership between a “Gray hat” hacker and an organization in a two-stage cybersecurity game'. Together they form a unique fingerprint.Cite this
- APA
- Author
- BIBTEX
- Harvard
- Standard
- RIS
- Vancouver