B ug-bounty programs may be distinguished by the nature of their management. Internal programs are run by software companies themselves, while third-party programs are managed by intermediaries or brokers that operate either as for-profit businesses or clandestine services. These third-party programs fuel the gray and black markets for software vulnerabilities that benefit software developers or cyber mercenaries, respectively, especially state actors who seek to acquire robust cyber warfare tool s. T he l a rges t con s u mer of black-market software vulnerabilities is most likely the U.S. National Security Agency's (NSA's) Vulnerability Equities Process (VEP). The motives behind these two markets are very different; the former is primarily economic, whereas the latter is cyberpolitical.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.