Patent attributes
In one aspect, the disclosure provides: A method comprising: inviting a distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party; assessing reputation and skills of one or more of the researchers, and accepting a subset of the researchers who have a positive reputation and sufficient skills to perform the investigations of the computer vulnerabilities; assigning a particular computer vulnerability research project, relating to a particular system under test, to a particular researcher from among the subset of the researchers; using a computer that is logically interposed between the particular researcher and the particular system under test, monitoring communications between the particular researcher and the particular system under test, wherein the communications relate to attempting to identify a candidate security vulnerability of the particular system under test, and creating assessment data that assesses the particular system under test based upon the networked data communications that are monitored; validating a report of the candidate security vulnerability of the particular system under test that is received from the particular researcher; determining and providing an award to the particular researcher in response to successfully validating the report of the candidate security vulnerability of the particular system under test that is received from the particular researcher.
