Security assessment incentive method for promoting discovery of computer software vulnerabilities
Abstract
In one aspect, the disclosure provides: A method comprising: assessing a plurality of researchers as a precondition for receiving an invitation to be a researcher of a distributed plurality of researchers, resulting in the distributed plurality of researchers wherein each researcher is associated with one or more tags in records that identify the researcher for one or more attributes; inviting a subset of the distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more computers that are owned or operated by a third party, the subset of the distributed plurality of researchers selected based on the one or more tags in records that identify the researcher and a description of the computer vulnerabilities of the one or more computers; using a computer that is communicatively coupled to a particular researcher among the subset of the distributed plurality of researchers and a network under test among the one or more computers, monitoring communications between the particular researcher and the particular third party computer, wherein the communications relate to attempting to identify a candidate security vulnerability of the particular third party computer; in response to a report of the candidate security vulnerability of the particular third party computer that is received from the particular researcher, evaluating the report of the candidate security vulnerability.
20 Claims
1. A computer-implemented data processing method comprising:
- electronically inviting, using a Launch Point computer, a distributed plurality of researcher computers to participate in research projects of identifying computer vulnerabilities of one or more third party computer networks;
- monitoring, using the Launch Point computer, communications between a particular researcher computer among the distributed plurality of researcher computers and a particular third party computer network among the one or more third party computer networks, the monitoring comprising assessing whether the particular researcher computer is attempting to access resources of the particular third party computer network for which access is prohibited or out of scope of a research project of identifying computer vulnerabilities of the third party computer network by the particular researcher computer;
- wherein the communications relate to identifying a security vulnerability of the particular third party computer network and the communications include electronic communications;
- receiving, from the particular researcher computer, a report regarding security vulnerabilities of the particular third party computer network;
- evaluating the report based on the monitored communications, the evaluating comprising re-performing a sequence of operations performed by the particular researcher in the monitored communications.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A non-transitory machine-readable medium having instructions stored thereon, the instructions executable by the one or more processors to perform:
- using a Launch Point computer, assessing a plurality of researchers as a precondition for receiving an invitation to be a researcher of a distributed plurality of researchers, resulting in forming the distributed plurality of researchers in which each researcher is associated in digitally stored data records with one or more tags that identify the researcher for one or more attributes;
- using the Launch Point computer, electronically inviting a subset of the distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more third party computers that are owned or operated by a third party, the subset of the distributed plurality of researchers selected based on the one or more tags in records that identify the researcher and a description of the computer vulnerabilities of the one or more third party computers;
- using the Launch Point computer that is communicatively coupled to a particular researcher among the subset of the distributed plurality of researchers and a particular third party computer under test among the one or more third party computers, monitoring communications between the particular researcher and the particular third party computer under test, wherein the communications relate to attempting to identify a candidate security vulnerability of the particular third party computer under test and the communications include electronic communications;
- in response to a report of the candidate security vulnerability of the particular third party computer that is received from the particular researcher, evaluating the report of the candidate security vulnerability based upon the candidate security vulnerability identified in the report by the particular researcher in the report and the monitored communications between the particular researcher and the particular third party computer under test.

Dependent claims: 20
Specification