Crowdsourcing platform for collaboration management in vulnerability verification

Abstract

In recent years, vulnerability collection platforms become an important part to facilitate development of information security. Usually, platform administrators collect and ratify vulnerability information, which white hat hackers report at first hand, and users hence know which applications have doubts via vulnerability reports published on the platform. However, there are still few reported but unverified vulnerabilities, which may be caused from scarcity of testing targets and limitation of man power. These vulnerabilities might agitate those users who have related applications. This study initiates crowdsourcing to vulnerability collection platforms. The proposed platform collaborates administrators with two new added roles, script writers and target providers, aiming at vulnerability verification. In addition we design two agents, the test scheduler and the log collector, to automatically arrange test cases and collect logs, respectively. With properly scoring on task assignment, these crowd sources can effectively and efficiently collaborate on verification of timely and severe vulnerabilities. Hence this platform can speed up the progress of vulnerability assessment in information security.