{"id":"https://openalex.org/W2766615649","doi":"https://doi.org/10.1145/3133956.3133960","title":"Economic Factors of Vulnerability Trade and Exploitation","display_name":"Economic Factors of Vulnerability Trade and Exploitation","publication_year":2017,"publication_date":"2017-10-27","ids":{"openalex":"https://openalex.org/W2766615649","doi":"https://doi.org/10.1145/3133956.3133960","mag":"2766615649"},"language":"en","primary_location":{"id":"doi:10.1145/3133956.3133960","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3133956.3133960","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1708.04866","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5047635330","display_name":"Luca Allodi","orcid":"https://orcid.org/0000-0003-1600-0868"},"institutions":[{"id":"https://openalex.org/I83019370","display_name":"Eindhoven University of Technology","ror":"https://ror.org/02c2kyt77","country_code":"NL","type":"education","lineage":["https://openalex.org/I83019370"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Luca Allodi","raw_affiliation_strings":["Eindhoven University of Technology, Eindhoven, Netherlands"],"affiliations":[{"raw_affiliation_string":"Eindhoven University of Technology, Eindhoven, Netherlands","institution_ids":["https://openalex.org/I83019370"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5047635330"],"corresponding_institution_ids":["https://openalex.org/I83019370"],"apc_list":null,"apc_paid":null,"fwci":16.6868,"has_fulltext":true,"cited_by_count":90,"citation_normalized_percentile":{"value":0.99066978,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"1483","last_page":"1499"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.9858019351959229},{"id":"https://openalex.org/keywords/cybercrime","display_name":"Cybercrime","score":0.6431178450584412},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6371262669563293},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6150824427604675},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.572045624256134},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.5535839796066284},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.47101864218711853},{"id":"https://openalex.org/keywords/revenue","display_name":"Revenue","score":0.4658931493759155},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.30263638496398926},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.18216368556022644},{"id":"https://openalex.org/keywords/finance","display_name":"Finance","score":0.10106566548347473}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.9858019351959229},{"id":"https://openalex.org/C2779390178","wikidata":"https://www.wikidata.org/wiki/Q29137","display_name":"Cybercrime","level":3,"score":0.6431178450584412},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6371262669563293},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6150824427604675},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.572045624256134},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.5535839796066284},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.47101864218711853},{"id":"https://openalex.org/C195487862","wikidata":"https://www.wikidata.org/wiki/Q850210","display_name":"Revenue","level":2,"score":0.4658931493759155},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.30263638496398926},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.18216368556022644},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.10106566548347473},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.0}],"mesh":[],"locations_count":9,"locations":[{"id":"doi:10.1145/3133956.3133960","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3133956.3133960","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:pure.tue.nl:publications/d5b84178-40f4-47c7-82e6-3bfbda51cac9","is_oa":false,"landing_page_url":"https://research.tue.nl/en/publications/d5b84178-40f4-47c7-82e6-3bfbda51cac9","pdf_url":null,"source":{"id":"https://openalex.org/S4406922641","display_name":"TU/e Research Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Allodi, L 2017, Economic factors of vulnerability trade and exploitation. in CCS'17 : Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security ; Oktober 30 - November 3, 2017, Dallas, TX, USA. Association for Computing Machinery, Inc., Newc York, pp. 1483-1499, 2017 ACM Conference on Computer and Communications Security (CCS 2017), Dallas, Texas, United States, 30/10/17. https://doi.org/10.1145/3133956.3133960","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:arXiv.org:1708.04866","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1708.04866","pdf_url":"https://arxiv.org/pdf/1708.04866","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"pmh:oai:pure.tue.nl:openaire_cris_publications/d5b84178-40f4-47c7-82e6-3bfbda51cac9","is_oa":true,"landing_page_url":"https://arxiv.org/abs/1708.04866","pdf_url":"https://arxiv.org/pdf/1708.04866","source":{"id":"https://openalex.org/S4406922641","display_name":"TU/e Research Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Allodi, L 2017, Economic factors of vulnerability trade and exploitation. in CCS'17 : Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security ; Oktober 30 - November 3, 2017, Dallas, TX, USA. Association for Computing Machinery, Inc., Newc York, pp. 1483-1499, 2017 ACM Conference on Computer and Communications Security (CCS 2017), Dallas, Texas, United States, 30/10/17. https://doi.org/10.1145/3133956.3133960","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:868758","is_oa":false,"landing_page_url":"http://library.tue.nl/csp/dare/LinkToRepository.csp?recordnumber=868758","pdf_url":null,"source":{"id":"https://openalex.org/S4406923046","display_name":"TU/e Research Portal (Eindhoven University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":""},{"id":"pmh:881214","is_oa":false,"landing_page_url":"http://library.tue.nl/csp/dare/LinkToRepository.csp?recordnumber=881214","pdf_url":null,"source":{"id":"https://openalex.org/S4406923046","display_name":"TU/e Research Portal (Eindhoven University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":""},{"id":"pmh:oai:library.tue.nl:868758","is_oa":false,"landing_page_url":"http://repository.tue.nl/868758","pdf_url":null,"source":{"id":"https://openalex.org/S4406923046","display_name":"TU/e Research Portal (Eindhoven University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":""},{"id":"pmh:oai:library.tue.nl:881214","is_oa":false,"landing_page_url":"http://repository.tue.nl/881214","pdf_url":null,"source":{"id":"https://openalex.org/S4406923046","display_name":"TU/e Research Portal (Eindhoven University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":""},{"id":"pmh:tue:oai:pure.tue.nl:publications/d5b84178-40f4-47c7-82e6-3bfbda51cac9","is_oa":false,"landing_page_url":"https://research.tue.nl/nl/publications/d5b84178-40f4-47c7-82e6-3bfbda51cac9","pdf_url":null,"source":{"id":"https://openalex.org/S4306401843","display_name":"Data Archiving and Networked Services (DANS)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1322597698","host_organization_name":"Royal Netherlands Academy of Arts and Sciences","host_organization_lineage":["https://openalex.org/I1322597698"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"CCS'17 : Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security ; Oktober 30 - November 3, 2017, Dallas, TX, USA, 1483 - 1499","raw_type":"info:eu-repo/semantics/conferencepaper"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1708.04866","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1708.04866","pdf_url":"https://arxiv.org/pdf/1708.04866","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"score":0.6200000047683716,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G5631504704","display_name":null,"funder_award_id":"628.001.004","funder_id":"https://openalex.org/F4320321800","funder_display_name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek"}],"funders":[{"id":"https://openalex.org/F4320321800","display_name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek","ror":"https://ror.org/04jsz6e67"},{"id":"https://openalex.org/F4320322275","display_name":"Universit\u00e0 degli Studi di Trento","ror":"https://ror.org/05trd4x28"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":75,"referenced_works":["https://openalex.org/W150078352","https://openalex.org/W199832099","https://openalex.org/W384698140","https://openalex.org/W775648574","https://openalex.org/W1005273320","https://openalex.org/W1412796528","https://openalex.org/W1427242644","https://openalex.org/W1490011260","https://openalex.org/W1499523602","https://openalex.org/W1506213846","https://openalex.org/W1508191694","https://openalex.org/W1514421817","https://openalex.org/W1515345759","https://openalex.org/W1518983087","https://openalex.org/W1548744715","https://openalex.org/W1575663745","https://openalex.org/W1788061570","https://openalex.org/W1815362064","https://openalex.org/W1820833458","https://openalex.org/W1940252083","https://openalex.org/W1971733255","https://openalex.org/W1972791208","https://openalex.org/W1977415353","https://openalex.org/W1985324839","https://openalex.org/W1988015967","https://openalex.org/W2014005029","https://openalex.org/W2021348304","https://openalex.org/W2021518206","https://openalex.org/W2052224842","https://openalex.org/W2065890363","https://openalex.org/W2082180526","https://openalex.org/W2090513801","https://openalex.org/W2091692346","https://openalex.org/W2095299437","https://openalex.org/W2095610745","https://openalex.org/W2098569569","https://openalex.org/W2107449619","https://openalex.org/W2110271878","https://openalex.org/W2110401754","https://openalex.org/W2117405938","https://openalex.org/W2121451642","https://openalex.org/W2122551442","https://openalex.org/W2127977814","https://openalex.org/W2129586531","https://openalex.org/W2132280055","https://openalex.org/W2148156428","https://openalex.org/W2153532176","https://openalex.org/W2155597028","https://openalex.org/W2156109180","https://openalex.org/W2157291863","https://openalex.org/W2164322841","https://openalex.org/W2168234580","https://openalex.org/W2237954913","https://openalex.org/W2269520727","https://openalex.org/W2296488620","https://openalex.org/W2345976710","https://openalex.org/W2495607404","https://openalex.org/W2513861733","https://openalex.org/W2515415680","https://openalex.org/W2519123369","https://openalex.org/W2534728012","https://openalex.org/W2588857602","https://openalex.org/W2604955674","https://openalex.org/W2744879410","https://openalex.org/W2796508300","https://openalex.org/W2797563284","https://openalex.org/W3122190984","https://openalex.org/W3141872514","https://openalex.org/W3148106702","https://openalex.org/W4237638794","https://openalex.org/W4239223658","https://openalex.org/W4243775359","https://openalex.org/W4310299640","https://openalex.org/W4376467516","https://openalex.org/W6622550042"],"related_works":["https://openalex.org/W2338899373","https://openalex.org/W4252285266","https://openalex.org/W199254545","https://openalex.org/W17155033","https://openalex.org/W2476504758","https://openalex.org/W1966145327","https://openalex.org/W2906845177","https://openalex.org/W4200107511","https://openalex.org/W2891427086","https://openalex.org/W1968625315"],"abstract_inverted_index":{"Cybercrime":[0],"markets":[1],"support":[2],"the":[3,16,28,36,50,55,64,77,83,104,107,114,124,138,150,162,181,197],"development":[4],"and":[5,13,41,60,82,136,161,175,192,202,212],"diffusion":[6],"of":[7,19,38,52,76,79,85,90,106,141,171,183,189,196],"new":[8],"attack":[9,39,66,110,190],"technologies,":[10],"vulnerability":[11,80,209],"exploits,":[12,54,174],"malware.":[14],"Whereas":[15],"revenue":[17],"streams":[18],"cyber":[20],"attackers":[21],"have":[22],"been":[23],"studied":[24],"multiple":[25],"times":[26],"in":[27,123,132,165,169],"literature,":[29],"no":[30],"quantitative":[31],"account":[32],"currently":[33,146],"exists":[34],"on":[35,63,88,187,208],"economics":[37,78],"acquisition":[40],"deployment.":[42,204],"Yet,":[43],"this":[44,69],"understanding":[45],"is":[46,94,143,164],"critical":[47],"to":[48],"characterize":[49],"production":[51],"(traded)":[53],"economy":[56],"that":[57,121,137],"drives":[58],"it,":[59],"its":[61],"effects":[62,84,182],"overall":[65],"scenario.":[67],"In":[68],"paper":[70],"we":[71],"provide":[72],"an":[73],"empirical":[74],"investigation":[75],"exploitation,":[81],"market":[86,102,163,185,200],"factors":[87],"likelihood":[89,188],"exploit.":[91],"Our":[92,118],"data":[93],"collected":[95],"first-handedly":[96],"from":[97],"a":[98],"prominent":[99],"Russian":[100],"cybercrime":[101],"where":[103],"trading":[105],"most":[108],"active":[109],"tools":[111],"reported":[112],"by":[113],"security":[115],"industry":[116],"happens.":[117],"findings":[119],"reveal":[120],"exploits":[122,142],"underground":[125],"are":[126,154],"priced":[127],"similarly":[128],"or":[129],"above":[130],"vulnerabilities":[131],"legitimate":[133],"bug-hunting":[134],"programs,":[135],"refresh":[139],"cycle":[140],"slower":[144],"than":[145],"often":[147],"assumed.":[148],"On":[149],"other":[151],"hand,":[152],"cybercriminals":[153],"becoming":[155],"faster":[156],"at":[157],"introducing":[158],"selected":[159],"vulnerabilities,":[160],"clear":[166],"expansion":[167],"both":[168],"terms":[170],"players,":[172],"traded":[173],"exploit":[176,203,213],"pricing.":[177],"We":[178,205],"then":[179],"evaluate":[180],"these":[184],"variables":[186],"realization,":[191],"find":[193],"strong":[194],"evidence":[195],"correlation":[198],"between":[199],"activity":[201],"discuss":[206],"implications":[207],"metrics,":[210],"economics,":[211],"measurement.":[214]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":8},{"year":2023,"cited_by_count":9},{"year":2022,"cited_by_count":21},{"year":2021,"cited_by_count":14},{"year":2020,"cited_by_count":12},{"year":2019,"cited_by_count":10},{"year":2018,"cited_by_count":10},{"year":2017,"cited_by_count":1}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}