Method of distributed discovery of vulnerabilities in applications
First Claim
1. A method comprising:
- inviting a distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party;
- assessing reputation and skills of one or more of the researchers, and accepting a subset of the researchers who have a positive reputation and sufficient skills to perform the investigations of the computer vulnerabilities;
- assigning a particular computer vulnerability research project, relating to a particular network under test, to a particular researcher from among the subset of the researchers;
- using a computer that is logically interposed between a researcher computer used by the particular researcher and the particular network under test, monitoring communications between the researcher computer used by the particular researcher and the particular network under test, wherein the communications relate to attempting to identify a candidate security vulnerability of the particular network under test, and wherein control logic is implemented by the computer in a manner to perform the monitoring of electronic communications between the researcher computer used by the particular researcher and the particular network under test;
- validating a report of the candidate security vulnerability of the particular network under test that is received from the particular researcher;
- determining and providing an award to the particular researcher in response to successfully validating the report of the candidate security vulnerability of the particular network under test that is received from the particular researcher.
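As an added illustration of the six steps of claim 1 (this is not the patent's own code), the following toy model shows the control logic that would run on the interposed computer: it admits researchers by reputation and skills, assigns a project, records every communication toward the network under test while refusing traffic outside the assigned scope, and corroborates a vulnerability report against that audit log before an award is paid. The class names, the 0.7 reputation threshold and the CIDR-based scope check are assumptions.

```python
# Added example (not the patent's code): a toy model of claim 1's control
# logic on the computer interposed between researcher and network under test.
# Names, thresholds and the IP-based scope check are assumptions.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Researcher:
    name: str
    reputation: float      # assumed 0..1 scale
    skills: set


@dataclass
class Project:
    project_id: str
    scope: list            # CIDR blocks making up the network under test
    required_skills: set


@dataclass
class Interposer:
    assignments: dict = field(default_factory=dict)   # researcher name -> Project
    audit_log: list = field(default_factory=list)     # (researcher, dst_ip, decision)

    def accept(self, r: Researcher, min_reputation: float = 0.7) -> bool:
        """Step 2: admit only researchers with a positive reputation."""
        return r.reputation >= min_reputation

    def assign(self, r: Researcher, p: Project) -> bool:
        """Step 3: assign a project only to an accepted researcher with the needed skills."""
        if not self.accept(r) or not p.required_skills <= r.skills:
            return False
        self.assignments[r.name] = p
        return True

    def monitor(self, researcher: str, dst_ip: str) -> bool:
        """Step 4: record every communication; forward only traffic to the assigned scope."""
        p = self.assignments.get(researcher)
        in_scope = p is not None and any(ip_address(dst_ip) in ip_network(c) for c in p.scope)
        self.audit_log.append((researcher, dst_ip, "forward" if in_scope else "block"))
        return in_scope

    def validate_report(self, researcher: str, reported_ip: str) -> bool:
        """Step 5: a report is corroborated only if the monitor saw that researcher reach that host."""
        return any(n == researcher and ip == reported_ip and d == "forward"
                   for n, ip, d in self.audit_log)

    def award(self, researcher: str, reported_ip: str, amount: int) -> int:
        """Step 6: pay only for a validated report."""
        return amount if self.validate_report(researcher, reported_ip) else 0
```

The audit log is what makes the validation step defensible: a report naming a host the interposer never saw the researcher reach is rejected rather than paid.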
Abstract
In one aspect, the disclosure provides: A method comprising: inviting a distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party; assessing reputation and skills of one or more of the researchers, and accepting a subset of the researchers who have a positive reputation and sufficient skills to perform the investigations of the computer vulnerabilities; assigning a particular computer vulnerability research project, relating to a particular network under test, to a particular researcher from among the subset of the researchers; using a computer that is logically interposed between the particular researcher and the particular network under test, monitoring communications between the particular researcher and the particular network under test, wherein the communications relate to attempting to identify a candidate security vulnerability of the particular network under test; validating a report of the candidate security vulnerability of the particular network under test that is received from the particular researcher; determining and providing an award to the particular researcher in response to successfully validating the report of the candidate security vulnerability of the particular network under test that is received from the particular researcher.
55 Citations
16 Claims
Claim 1 is reproduced under First Claim above; claims 2 to 10 depend on it.

11. A method comprising:
- inviting a distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more computer application programs that are owned or operated by a third party;
- assessing one or more of the researchers, and accepting a subset of the researchers who have a positive reputation and sufficient skills to perform the investigations of the computer vulnerabilities;
- assigning a particular computer vulnerability research project, relating to a particular computer application program under test, to a particular researcher from among the subset of the researchers;
- using a computer that is logically interposed between a researcher computer used by the particular researcher and the particular network under test, monitoring communications between the researcher computer used by the particular researcher and the particular network under test, wherein the communications relate to attempting to identify a candidate security vulnerability of the particular computer application program under test, and wherein control logic is implemented by the computer in a manner to perform the monitoring of electronic communications between the researcher computer used by the particular researcher and the particular network under test;
- validating a report of the candidate security vulnerability of the particular computer application program under test that is received from the particular researcher;
- determining and providing a fee to the particular researcher in response to successfully validating the report of the candidate security vulnerability of the particular network under test that is received from the particular researcher.

Claims 12 to 16 depend on claim 11.