How Vulnerabilities Became Commodities. The Political Economy of Ethical Hacking (1990-2020).

Document record

Date

April 14, 2023

Collection

Open archives

Licenses

http://hal.archives-ouvertes.fr/licences/copyright/ , info:eu-repo/semantics/OpenAccess



Related subjects (En)

Computer hacking

Cite this document

David Bozzini, "How Vulnerabilities Became Commodities. The Political Economy of Ethical Hacking (1990-2020).", HAL-SHS : histoire, philosophie et sociologie des sciences et des techniques, ID: 10670/1.35ijz8



Abstract

My research focuses on the defense mechanism of vulnerability disclosure, which has become immensely valuable to the digital tech industry and beyond. This paper addresses the history of vulnerability disclosure and the emergence of the defensive market that has developed alongside the offensive market. In fact, the defensive market for vulnerability information is a recent model of vulnerability disclosure organized in the form of bug bounty programs. Bug bounties are initiatives managed by companies or organizations looking for information on their own vulnerabilities through which they pay individuals—ethical hackers—to uncover bugs in their systems and, in turn, improve the security of their products and services. In this paper, I analyze the historical processes that have transformed models of vulnerability disclosure over the years and have given rise to a defensive market that has monetized disclosure, turned ethical hacking into labor, and made information on vulnerabilities a commodity.
