Abstract: A method comprising inviting a distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party; assessing reputation and skills of one or more of the researchers, and accepting a subset of the researchers who have a positive reputation to perform the investigations of the computer vulnerabilities; assigning a particular computer vulnerability research project, relating to a particular network under test, to a particular researcher from among the subset of the researchers; using a computer that is logically interposed between the particular researcher and the particular network under test, monitoring communications between the particular researcher and the particular network under test, wherein the communications relate to attempting to identify a candidate security vulnerability of the particular network under test.

Abstract: In one aspect, the disclosure provides: A method comprising: inviting a distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party; assessing reputation and skills of one or more of the researchers, and accepting a subset of the researchers who have a positive reputation and sufficient skills to perform the investigations of the computer vulnerabilities; assigning a particular computer vulnerability research project, relating to a particular network under test, to a particular researcher from among the subset of the researchers; using a computer that is logically interposed between the particular researcher and the particular network under test, monitoring communications between the particular researcher and the particular network under test, wherein the communications relate to attempting to identify a candidate security vulnera

Abstract: A method of assessing and addressing computer security risk is disclosed.

Abstract: In one aspect, the disclosure provides: A method comprising: inviting a distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party; assessing reputation and skills of one or more of the researchers, and accepting a subset of the researchers who have a positive reputation and sufficient skills to perform the investigations of the computer vulnerabilities; assigning a particular computer vulnerability research project, relating to a particular network under test, to a particular researcher from among the subset of the researchers; using a computer that is logically interposed between the particular researcher and the particular network under test, monitoring communications between the particular researcher and the particular network under test, wherein the communications relate to attempting to identify a candidate security vulnera

Abstract: In one aspect, the disclosure provides: using a control computer logically positioned between one or more researcher computers and one or more systems under test, obtaining a task that identifies a potential security vulnerability of the one or more systems under test; determining a task type of the task associated with particular skills for investigating the potential security vulnerability; identifying a plurality of researcher computers who each have the particular skills; determining a task expiration of the task; determining a respective availability of the plurality of researcher computers; assigning the task to one or more researcher computers of the plurality of researcher computers determined to be available to complete the task; determining and providing an incentive to the one or more researcher computers in response to successfully validating the reports of the potential security vulnerability of the one or more systems under test.

Abstract: A method and apparatus for extracting and displaying a feature data set is provided.

Abstract: In one aspect, the disclosure provides: A method comprising: assessing a plurality of researchers as a precondition for receiving an invitation to be a researcher of a distributed plurality of researchers, resulting in the distributed plurality of researchers wherein each researcher is associated with one or more tags in records that identify the researcher for one or more attributes; inviting a subset of the distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more computers that are owned or operated by a third party, the subset of the distributed plurality of researchers selected based on the one or more tags in records that identify the researcher and a description of the computer vulnerabilities of the one or more computers; using a computer that is communicatively coupled to a particular researcher among the subset of the distributed plurality of researchers and a network under test among th

Abstract: In one aspect, the disclosure provides: A method comprising: inviting a distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party; assessing reputation and skills of one or more of the researchers, and accepting a subset of the researchers who have a positive reputation and sufficient skills to perform the investigations of the computer vulnerabilities; assigning a particular computer vulnerability research project, relating to a particular network under test, to a particular researcher from among the subset of the researchers; using a computer that is logically interposed between the particular researcher and the particular network under test, monitoring communications between the particular researcher and the particular network under test, wherein the communications relate to attempting to identify a candidate security vulnera

Abstract: A method of assessing and addressing computer security risk is disclosed.

Abstract: A vulnerability report evaluation system comprises a preprocessor that takes as its input a data record representing a vulnerability report and outputs a search record. The vulnerability report evaluation system further comprises a search engine and a searchable corpus comprising records of vulnerabilities, wherein the search engine is configured to use the outputted search record to search the corpus. The vulnerability report evaluation system can flag search result hits resulting from the searched search record as an indication that the submitted vulnerability report is a duplicate of an earlier vulnerability report or as a flag to trigger manual review, while providing efficient processing of vulnerability report data records.

Abstract: A testing system for testing computer system security includes control logic interposed between tester computers and a computer system under test. Tester computers are used by testers to test for security vulnerabilities of the computer system under test. A test results database contains records of tester interactions with the computer system under test and responses of the computer system under test to the tester interactions. A test mark database, coupled to the control logic, contains records related to granular elements of the computer system under test that are amenable to being tested for security vulnerabilities. Records of the test mark database indicate whether a corresponding granular element has been tested for security vulnerabilities. A coverage application, coupled to the test mark database, inputs data from the test mark database and outputs data indicating which granular elements of the computer system under test are to be tested.

Abstract: In one aspect, the disclosure provides: A method comprising: inviting a distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party; assessing reputation and skills of one or more of the researchers, and accepting a subset of the researchers who have a positive reputation and sufficient skills to perform the investigations of the computer vulnerabilities; assigning a particular computer vulnerability research project, relating to a particular network under test, to a particular researcher from among the subset of the researchers; using a computer that is logically interposed between the particular researcher and the particular network under test, monitoring communications between the particular researcher and the particular network under test, wherein the communications relate to attempting to identify a candidate security vulnera

Abstract: Computer systems and methods in various embodiments are configured to test the security of a server computer by simulating a wide range of attacks from one or more bot-nets. In an embodiment, a computer system includes a memory; a processor coupled to the memory; a plurality of network cards coupled to the processor and the memory, the computer system being located in a home geographic region; wherein each of the plurality of network cards is configured to send one or more requests to a remote server computer through one of a plurality of geographic regions, that is different than the home geographic region; wherein, for each of the plurality of network cards, the processor is configured to store in the memory one of a plurality of geo-mappings, wherein the geo-mapping indicates the certain geographic region the network card is configured to send the one or more requests to the remote server computer through.

Abstract: In one aspect, the disclosure provides: A method comprising: inviting a distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party; assessing reputation and skills of one or more of the researchers, and accepting a subset of the researchers who have a positive reputation and sufficient skills to perform the investigations of the computer vulnerabilities; assigning a particular computer vulnerability research project, relating to a particular network under test, to a particular researcher from among the subset of the researchers; using a computer that is logically interposed between the particular researcher and the particular network under test, monitoring communications between the particular researcher and the particular network under test, wherein the communications relate to attempting to identify a candidate security vulnera

Abstract: In one aspect, the disclosure provides: A method comprising: inviting a distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party; assessing reputation and skills of one or more of the researchers, and accepting a subset of the researchers who have a positive reputation and sufficient skills to perform the investigations of the computer vulnerabilities; assigning a particular computer vulnerability research project, relating to a particular network under test, to a particular researcher from among the subset of the researchers; using a computer that is logically interposed between the particular researcher and the particular network under test, monitoring communications between the particular researcher and the particular network under test, wherein the communications relate to attempting to identify a candidate security vulnera

Abstract: A vulnerability report evaluation system comprises a preprocessor that takes as its input a data record representing a vulnerability report and outputs a search record. The vulnerability report evaluation system further comprises a search engine and a searchable corpus comprising records of vulnerabilities, wherein the search engine is configured to use the outputted search record to search the corpus. The vulnerability report evaluation system can flag search result hits resulting from the searched search record as an indication that the submitted vulnerability report is a duplicate of an earlier vulnerability report or as a flag to trigger manual review, while providing efficient processing of vulnerability report data records.

Abstract: In one aspect, the disclosure provides: A method comprising: assessing a plurality of researchers as a precondition for receiving an invitation to be a researcher of a distributed plurality of researchers, resulting in the distributed plurality of researchers wherein each researcher is associated with one or more tags in records that identify the researcher for one or more attributes; inviting a subset of the distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more computers that are owned or operated by a third party, the subset of the distributed plurality of researchers selected based on the one or more tags in records that identify the researcher and a description of the computer vulnerabilities of the one or more computers; using a computer that is communicatively coupled to a particular researcher among the subset of the distributed plurality of researchers and a network under test among th

Abstract: A testing system tests applications executable on a computing platform, when the app under test executes on the computing platform, the app program code refers to a tree data structure for its user interface operations. That tree data structure is accessed without needing to interrupt the app under test or without needing software hooks into the app. The testing system obtains a specification of user interface criteria from an operator, processes the tree data structure with the specification to identify nodes of the tree data structure that match the user interface criteria, and outputs a representation of the matching nodes. The matching nodes are user interface entry points capable of being used to test the app for vulnerabilities. The specification can include edge criteria, wherein an edge criterion corresponds to a characteristic of an edge in the tree data structure between at least two nodes of the tree data structure.

Abstract: In one aspect, the disclosure provides: A method comprising: assessing a plurality of researchers as a precondition for receiving an invitation to be a researcher of a distributed plurality of researchers, resulting in the distributed plurality of researchers wherein each researcher is associated with one or more tags in records that identify the researcher for one or more attributes; inviting a subset of the distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more computers that are owned or operated by a third party, the subset of the distributed plurality of researchers selected based on the one or more tags in records that identify the researcher and a description of the computer vulnerabilities of the one or more computers; using a computer that is communicatively coupled to a particular researcher among the subset of the distributed plurality of researchers and a network under test among th

Abstract: In one aspect, the disclosure provides: A method comprising: inviting a distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party; assessing reputation and skills of one or more of the researchers, and accepting a subset of the researchers who have a positive reputation and sufficient skills to perform the investigations of the computer vulnerabilities; assigning a particular computer vulnerability research project, relating to a particular network under test, to a particular researcher from among the subset of the researchers; using a computer that is logically interposed between the particular researcher and the particular network under test, monitoring communications between the particular researcher and the particular network under test, wherein the communications relate to attempting to identify a candidate security vulnera