Study on a security intelligence trading platform based on blockchain and IPFS

Security response centre (SRC) is an important solution for enterprises to ensuring their network security. The existing security response centres can be mainly divided into two types, the third-party vulnerability reporting platforms and xSRCs of each enterprise. Normally, hackers find and submit valuable information to a vulnerability reporting platform or xSRC. However, the hackers who submit vulnerabilities probably disagree with the assessment results of vulnerability level by enterprises or the third-party platform experts entrusted by enterprises, which may lead to some dangerous situations that can threat the enterprise’s network security. This paper proposes a security intelligence trading platform based on blockchain and IPFS (Inter Planetary File System), and applies it to a specific example. Due to the decentralization and immutability of blockchain technology and IPFS, it can make the vulnerability level assessment fair and just, which will protect the interests and privacy of both hackers and enterprises. The example proves that the proposed method is simple and feasible, and has theoretical and practical value to the exploration of security information transaction mechanism.