Global Vulnerability Markets: Using Dynamic Simulation to Change the Discovery, Supply, Demand, and Use of Vulnerabilities

Abstract

Phase I (six months)1. Literature Review of the Vulnerability Ecosystem: Examine existing programs, vulnerabilitydisclosure practices, market and nonmarket behavior, and roles of actors.2. Develop initial Case Study Plan: case studies are essential for demonstrating effectiveness ofmodeling results3. Data Source Identification: access data needs for modeling effort4. Interactions with Subject Matter Experts: to determine market forces, motives, policy levers.5. Exploratory Models: identify the influence of different actors/actions on vulnerabilityidentification, disclosure, and use based on model exercises involving key stakeholders (vendors,third party brokers, independent security researchers, purchasers of vulnerabilities, and relevantgovernment agencies) to help identify model scope and structure.6. Preliminary Simulation Models: to identify and collect key data sources for model refinement,and perform simulation to understand the behaviors and impacts of key interventions.7. Preliminary Policy Analysis: Identify and simulate the impact of various government, NGO andcorporate strategies and public policy interventions on the vulnerability ecosystem.8. Report on Research FindingsPhase II (six months - option)1. Reiterate findings: to Key Players and refine initial models2. Develop and publish detailed case studies: these are to coincide with research results3. Refine and Harden Simulation Models: to identify and collect key data sources for modelrefinement, and perform simulation to understand the behaviors and impacts of key interventions.4. Detailed Policy Analysis: Identify and simulate the impact of various government, NGO andcorporate strategies and public policy interventions on the vulnerability ecosystem.5. Disseminate Research Findings and Case Studies6. Examine Possibilities for Model Transfer, Training and Education

Document Details

Document Type
DoD Grant Award
Publication Date
Aug 08, 2016
Source ID
N000141612285

Entities

People

  • Michael Siegel

Organizations

  • Massachusetts Institute of Technology
  • Office of Naval Research
  • United States Navy

Tags

Readers

  • Cybersecurity.
  • Data Mining and Knowledge Discovery.
  • Defense Technology Research and Development.