1. School of Management, Huazhong University of Science & Technology, Wuhan 430074, China; 2. Department of Law, Hubei University of Police, Wuhan 430034, China
Abstract: The key to information security is software security. Owing to market failure, there are many serious software security problems. Establishing a new market mechanism may be an effective path to solving the problem of market failure. In this paper, the theories of the software security vulnerability market are proposed and practiced, but it is hard for such a market to succeed. A legal liability system can give software companies an incentive to promote software security. Constructing a software product liability system, making software companies liable for their security defects, may be a viable path.