SECURITY ASSESSMENT INCENTIVE METHOD FOR PROMOTING DISCOVERY OF COMPUTER SOFTWARE VULNERABILITIES
First Claim
1. A data processing method comprising:
- using a Launch Point computer, assessing a plurality of researchers as a precondition for receiving an invitation to be a researcher of a distributed plurality of researchers, resulting in forming the distributed plurality of researchers in which each researcher is associated in digitally stored data records with one or more tags that identify the researcher for one or more attributes;
- using the Launch Point computer, electronically inviting a subset of the distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more third party computers that are owned or operated by a third party, the subset of the distributed plurality of researchers selected based on the one or more tags in records that identify the researcher and a description of the computer vulnerabilities of the one or more third party computers;
- using the Launch Point computer that is communicatively coupled to a particular researcher among the subset of the distributed plurality of researchers and a particular third party computer under test among the one or more third party computers, monitoring communications between the particular researcher and the particular third party computer under test, wherein the communications relate to attempting to identify a candidate security vulnerability of the particular third party computer under test;
- in response to a report of the candidate security vulnerability of the particular third party computer that is received from the particular researcher, evaluating the report of the candidate security vulnerability.
Abstract
In one aspect, the disclosure provides: A method comprising: assessing a plurality of researchers as a precondition for receiving an invitation to be a researcher of a distributed plurality of researchers, resulting in the distributed plurality of researchers wherein each researcher is associated with one or more tags in records that identify the researcher for one or more attributes; inviting a subset of the distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more computers that are owned or operated by a third party, the subset of the distributed plurality of researchers selected based on the one or more tags in records that identify the researcher and a description of the computer vulnerabilities of the one or more computers; using a computer that is communicatively coupled to a particular researcher among the subset of the distributed plurality of researchers and a network under test among the one or more computers, monitoring communications between the particular researcher and the particular third party computer, wherein the communications relate to attempting to identify a candidate security vulnerability of the particular third party computer; in response to a report of the candidate security vulnerability of the particular third party computer that is received from the particular researcher, evaluating the report of the candidate security vulnerability.
20 Claims
1. A data processing method comprising:
- using a Launch Point computer, assessing a plurality of researchers as a precondition for receiving an invitation to be a researcher of a distributed plurality of researchers, resulting in forming the distributed plurality of researchers in which each researcher is associated in digitally stored data records with one or more tags that identify the researcher for one or more attributes;
- using the Launch Point computer, electronically inviting a subset of the distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more third party computers that are owned or operated by a third party, the subset of the distributed plurality of researchers selected based on the one or more tags in records that identify the researcher and a description of the computer vulnerabilities of the one or more third party computers;
- using the Launch Point computer that is communicatively coupled to a particular researcher among the subset of the distributed plurality of researchers and a particular third party computer under test among the one or more third party computers, monitoring communications between the particular researcher and the particular third party computer under test, wherein the communications relate to attempting to identify a candidate security vulnerability of the particular third party computer under test;
- in response to a report of the candidate security vulnerability of the particular third party computer that is received from the particular researcher, evaluating the report of the candidate security vulnerability.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A data processing system comprising:
- a first computer that is communicatively coupled to a plurality of computers under test, an automated scanning system and a vulnerability database, and that is logically interposed in a network topology between the plurality of computers under test and a distributed plurality of researcher computers;
- one or more non-transitory computer-readable storage media in the first computer storing one or more sequences of instructions which when executed cause performing;
- assessing a plurality of researchers as a precondition for receiving an invitation to be a researcher of a distributed plurality of researchers, resulting in the distributed plurality of researchers wherein each researcher is associated in stored digital data records with one or more tags that identify the researcher for one or more attributes;
- electronically inviting a subset of the distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more third party computers that are owned or operated by a third party, the subset of the distributed plurality of researchers selected based on the one or more tags in records that identify the researcher and a description of the computer vulnerabilities of the one or more third party computers;
- using the first computer that is communicatively coupled to a particular researcher among the subset of the distributed plurality of researchers and a particular third party computer under test among the one or more third party computers, monitoring communications between the particular researcher and the particular third party computer, wherein the communications relate to attempting to identify a candidate security vulnerability of the particular third party computer;
- in response to a report of the candidate security vulnerability of the particular third party computer that is received from the particular researcher, evaluating the report of the candidate security vulnerability.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
Specification