Abstract: Nowadays, the global network threat is becoming more and more serious. As one of the essential reasons of network security incidents, network security vulnerabilities have been paid increasing attention. The disclosure of vulnerabilities has been set up into construction of the national network security emergency system. In this paper, we build a tripartite game model among network security vulnerability sharing platform, software manufacturers and hackers, analyze and simulate the model from the perspective of evolutionary game, and then establish the conditions for the existence of stable equilibrium point. The results of this study show that: there are significant differences between the initial values of different parameters on the results of the tripartite game, the worse the software quality is, the more inclined the platform is to the “closed disclosure” strategy; The payment of vulnerability discoverers has a positive impact on the tendency of software manufacturers to “register members”, and has a negative impact on the tendency of hackers to “strive to attack”; As an increasing disclosure costdisclosure cost, the platform tends to adopt the strategy of “closed disclosure”; The expected loss is too large, and software manufacturers tend to support the “register members” strategy.

Key words: information disclosure, network security vulnerability, sharing platform, evolutionary game

摘要： 全球网络威胁日趋严峻,作为网络安全事件产生的根源之一,网络安全漏洞越来越被重视,对漏洞的披露已是国家网络安全应急体系建设的重要内容之一。本文构建了网络安全漏洞共享平台、软件厂商及黑客之间的三方博弈模型,并从演化博弈角度对模型进行了分析和数值模拟,确立了稳定均衡点存在的条件。研究结果表明:不同参数初始值对三方博弈结果存在显著差异,软件质量越差,平台越倾向于“封闭披露”策略;对漏洞发现者的支付积极影响软件厂商“注册会员”倾向,对黑客的“努力攻击”倾向产生负面影响;随披露成本的上升,平台更倾向于采纳“封闭披露”策略;预期损失过大,软件厂商倾向于“注册会员”策略。

关键词: 信息披露, 网络安全漏洞, 共享平台, 演化博弈