Research of Complete Information Static Game Model for Software Manufacturer, White Hats and Black Hats

Abstract

Aiming at the problem of strategy selection in medium-sized software manfacturer’s public test service, we proposed a research method which based on the complete information static game model between software manufacturers, white hats and black hats. Firstly, we study the strategy selection and function of the software manufacturer, and provide one relational expression between the credibility of white hat and software information given by the software manufacturer. Then, we study the information theft of black hat, and provide the other relational expression between the time of information theft and the time of vulnerability exploiting. According to the time of vulnerability repair used by software manufacturer and the time of successful vulnerability attack used by black hat, we provide a method of software vulnerability risk level assessment. Finally, we give an example to show that this model can provide a good strategy for software manufacturers to reduce the risk level of software vulnerabilities.