Would a "Cyber Warrior" Protect Us? Exploring Trade-Offs Between Attack and Defense of Information Systems
As information security shifts from the realm of computer science to national security, the priority for safe and secure systems will be balanced against the appeal of using information insecurity as a strategic asset. In "Cyber war", those tasked with defending friendly computer networks are also expected to exploit enemy networks. This paper presents two game-theoretic models of vulnerability discovery and exploitation, where nations must choose between protecting themselves by sharing vulnerability information with vendors or pursuing an offensive advantage while remaining at risk.