Mingwei Tang,Zhiwei Xu,Yuhao Qin,Cui Su,Yi Zhu,Feifei Tao,Junhua Ding

DOI: https://doi.org/10.1109/dsa56465.2022.00016

2022-01-01

Abstract:Online reviews like product reviews are important references for a potential user to learn the basic information of a product. However, some reviewers were rewarded for writing the reviews, which may impact the objectiveness of the reviews. But on the other hand, the reviews written by reviewers who weren't rewarded could be in low quality. Research study already showed incentivized reviewers may give a higher overall score than non-incentivized reviewers (or called organic) do, but does that pattern also apply to review content? In this paper, a quantitative comparison study is conducted to investigate the differences between the incentivized reviews and organic reviews of software products. Four pairs of comparison including overall score, sentiment preference, correlation, and similarity are performed by using statistical and text mining methods. The results show there is no statistically significant difference between the incentive reviews and organic reviews except the sentiment of total, “Problems and Benefits” and “Summary” part of a review text. The results are unexpected since the reviews collected from the website for reviewing software product already filtered low quality reviews. It demonstrates that the incentivized action might not be necessary to produce biased reviews and it may be an effective way to attract more reviews since the website include more than 75% incentivized reviews. The paper also analyzed the possible reasons from the feature of reviewers' position in a company, a review's indicator, and reviewers' common actions. Based on the analysis, this study suggests that a potential user may pay attention to some quality dimensions of a review to mitigate the bias risk from the reviews.

Stefan Rass,Martin Pinzger

DOI: https://doi.org/10.48550/arXiv.2309.05338

2023-09-11

Abstract:We describe a mechanism to create fair and explainable incentives for software developers to reward contributions to security of a product. We use cooperative game theory to model the actions of the developer team inside a risk management workflow, considering the team to actively work against known threats, and thereby receive micro-payments based on their performance. The use of the Shapley-value provides natural explanations here directly through (new) interpretations of the axiomatic grounding of the imputation. The resulting mechanism is straightforward to implement, and relies on standard tools from collaborative software development, such as are available for git repositories and mining thereof. The micropayment model itself is deterministic and does not rely on uncertain information outside the scope of the developer team or the enterprise, hence is void of assumptions about adversarial incentives, or user behavior, up to their role in the risk management process that the mechanism is part of. We corroborate our model with a worked example based on real-life data.

Software Engineering,Computer Science and Game Theory

Sakshyam Panda,Daniel W Woods,Aron Laszka,Andrew Fielder,Emmanouil Panaousis

DOI: https://doi.org/10.48550/arXiv.1908.04867

2019-08-14

Abstract:We introduce a game-theoretic model to investigate the strategic interaction between a cyber insurance policyholder whose premium depends on her self-reported security level and an insurer with the power to audit the security level upon receiving an indemnity claim. Audits can reveal fraudulent (or simply careless) policyholders not following reported security procedures, in which case the insurer can refuse to indemnify the policyholder. However, the insurer has to bear an audit cost even when the policyholders have followed the prescribed security procedures. As audits can be expensive, a key problem insurers face is to devise an auditing strategy to deter policyholders from misrepresenting their security levels to gain a premium discount. This decision-making problem was motivated by conducting interviews with underwriters and reviewing regulatory filings in the U.S.; we discovered that premiums are determined by security posture, yet this is often self-reported and insurers are concerned by whether security procedures are practised as reported by the policyholders. To address this problem, we model this interaction as a Bayesian game of incomplete information and devise optimal auditing strategies for the insurers considering the possibility that the policyholder may misrepresent her security level. To the best of our knowledge, this work is the first theoretical consideration of post-incident claims management in cyber security. Our model captures the trade-off between the incentive to exaggerate security posture during the application process and the possibility of punishment for non-compliance with reported security policies. Simulations demonstrate that common sense techniques are not as efficient at providing effective cyber insurance audit decisions as the ones computed using game theory.

Cryptography and Security

Chao Yan,Haifeng Xu,Yevgeniy Vorobeychik,Bo Li,Daniel Fabbri,Bradley Malin

DOI: https://doi.org/10.48550/arXiv.1905.06946

2019-10-22

Abstract:Routine operational use of sensitive data is often governed by law and regulation. For instance, in the medical domain, there are various statues at the state and federal level that dictate who is permitted to work with patients' records and under what conditions. To screen for potential privacy breaches, logging systems are usually deployed to trigger alerts whenever suspicious access is detected. However, such mechanisms are often inefficient because 1) the vast majority of triggered alerts are false positives, 2) small budgets make it unlikely that a real attack will be detected, and 3) attackers can behave strategically, such that traditional auditing mechanisms cannot easily catch them. To improve efficiency, information systems may invoke signaling, so that whenever a suspicious access request occurs, the system can, in real time, warn the user that the access may be audited. Then, at the close of a finite period, a selected subset of suspicious accesses are audited. This gives rise to an online problem in which one needs to determine 1) whether a warning should be triggered and 2) the likelihood that the data request event will be audited. In this paper, we formalize this auditing problem as a Signaling Audit Game (SAG), in which we model the interactions between an auditor and an attacker in the context of signaling and the usability cost is represented as a factor of the auditor's payoff. We study the properties of its Stackelberg equilibria and develop a scalable approach to compute its solution. We show that a strategic presentation of warnings adds value in that SAGs realize significantly higher utility for the auditor than systems without signaling. We illustrate the value of the proposed auditing model and the consistency of its advantages over existing baseline methods.

Cryptography and Security,Databases,Computer Science and Game Theory

Jianan Chen,Qin Hu,Honglu Jiang

DOI: https://doi.org/10.48550/arXiv.2204.11950

2022-04-26

Abstract:As an effective method to protect the daily access to sensitive data against malicious attacks, the audit mechanism has been widely deployed in various practical fields. In order to examine security vulnerabilities and prevent the leakage of sensitive data in a timely manner, the database logging system usually employs an online signaling scheme to issue an alert when suspicious access is detected. Defenders can audit alerts to reduce potential damage. This interaction process between a defender and an attacker can be modeled as an audit game. In previous studies, it was found that sending real-time signals in the audit game to warn visitors can improve the benefits of the defender. However, the previous approaches usually assume perfect information of the attacker, or simply concentrate on the utility of the defender. In this paper, we introduce a brand-new zero-determinant (ZD) strategy to study the sequential audit game with online signaling, which empowers the defender to unilaterally control the utility of visitors when accessing sensitive data. In addition, an optimization scheme based on the ZD strategy is designed to effectively maximize the utility difference between the defender and the attacker. Extensive simulation results show that our proposed scheme enhances the security management and control capabilities of the defender to better handle different access requests and safeguard the system security in a cost-efficient manner.

Computer Science and Game Theory

Wei Ma,Daoyuan Wu,Yuqiang Sun,Tianwen Wang,Shangqing Liu,Jian Zhang,Yue Xue,Yang Liu

2024-09-14

Abstract:Smart contracts are decentralized applications built atop blockchains like Ethereum. Recent research has shown that large language models (LLMs) have potential in auditing smart contracts, but the state-of-the-art indicates that even GPT-4 can achieve only 30% precision (when both decision and justification are correct). This is likely because off-the-shelf LLMs were primarily pre-trained on a general text/code corpus and not fine-tuned on the specific domain of Solidity smart contract auditing. In this paper, we propose iAudit, a general framework that combines fine-tuning and LLM-based agents for intuitive smart contract auditing with justifications. Specifically, iAudit is inspired by the observation that expert human auditors first perceive what could be wrong and then perform a detailed analysis of the code to identify the cause. As such, iAudit employs a two-stage fine-tuning approach: it first tunes a Detector model to make decisions and then tunes a Reasoner model to generate causes of vulnerabilities. However, fine-tuning alone faces challenges in accurately identifying the optimal cause of a vulnerability. Therefore, we introduce two LLM-based agents, the Ranker and Critic, to iteratively select and debate the most suitable cause of vulnerability based on the output of the fine-tuned Reasoner model. To evaluate iAudit, we collected a balanced dataset with 1,734 positive and 1,810 negative samples to fine-tune iAudit. We then compared it with traditional fine-tuned models (CodeBERT, GraphCodeBERT, CodeT5, and UnixCoder) as well as prompt learning-based LLMs (GPT4, GPT-3.5, and CodeLlama-13b/34b). On a dataset of 263 real smart contract vulnerabilities, iAudit achieves an F1 score of 91.21% and an accuracy of 91.11%. The causes generated by iAudit achieved a consistency of about 38% compared to the ground truth causes.

Software Engineering

Dmitri Bershadskyy,Jacob Krüger,Gül Çalıklı,Siegmar Otto,Sarah Zabel,Jannik Greif,Robert Heyer

2024-03-19

Abstract:In software-engineering research, many empirical studies are conducted with open-source or industry developers. However, in contrast to other research communities like economics or psychology, only few experiments use financial incentives (i.e., paying money) as a strategy to motivate participants' behavior and reward their performance. The most recent version of the SIGSOFT Empirical Standards mentions payouts only for increasing participation in surveys, but not for mimicking real-world motivations and behavior in experiments. Within this article, we report a controlled experiment in which we tackled this gap by studying how different financial incentivization schemes impact developers. For this purpose, we first conducted a survey on financial incentives used in the real-world, based on which we designed three incentivization schemes: (1) a performance-dependent scheme that employees prefer, (2) a scheme that is performance-independent, and (3) a scheme that mimics open-source development. Then, using a between-subject experimental design, we explored how these three schemes impact participants' performance. Our findings indicate that the different schemes can impact participants' performance in software-engineering experiments. Due to the small sample sizes, our results are not statistically significant, but we can still observe clear tendencies. Our contributions help understand the impact of financial incentives on participants in experiments as well as real-world scenarios, guiding researchers in designing experiments and organizations in compensating developers.

Software Engineering

Ku He,Xiaofei Pan,Gary Tian

DOI: https://doi.org/10.1080/09638180.2015.1100547

2015-10-27

European Accounting Review

Abstract:This paper investigates how legal liability influences audit quality and audit fees, particularly in the presence of government intervention. Since 2010, all Chinese audit firms were required to transform from a structure of limited liability company (LLC) to limited liability partnership (LLP), which removes the cap on the liability exposure of negligent auditors. By adopting this natural experiment, we document the following findings: first, after audit firms reorganize as LLPs, auditors are more likely to (1) issue modified audit opinions and going-concern opinions, (2) constrain clients’ earnings management, and (3) charge a premium in audit fees, which suggest that exerting unlimited legal liability on negligent auditors improves both audit quality and audit fees. Second, the effect of the LLP adoption is more pronounced when auditors are from local audit firms, and clients are controlled by local governments. Further analyses suggest that the stock prices of clients positively react to the reform event, which indicates that LLP adoption improves the overall value of audits. In summary, our empirical findings are consistent with the argument that legal liability is able to effectively shape auditor behavior in emerging markets where the other institutional mechanisms are relatively weaker and government intervention is heavy.

business, finance

Odell Hegna

DOI: https://doi.org/10.48550/arXiv.1501.00820

2019-03-11

Abstract:Computers may control safety-critical operations in machines having embedded software. This memoir proposes a regimen to verify such algorithms at prescribed levels of statistical confidence. The United States Department of Defense standard for system safety engineering (MIL-STD-882E) defines development procedures for safety-critical systems. However, a problem exists: the Standard fails to distinguish quantitative product assurance technique from categorical process assurance method for software development. Resulting is conflict in the technical definition of the term risk. The primary goal here is to show that a quantitative risk-based product assurance method exists and is consistent with hardware practice. Discussion appears in two major parts: theory, which shows the relationship between automata and software; and application, which covers demonstration and indemnification. Demonstration is a technique for generating random tests; indemnification converts pass/fail test results to compound Poisson parameters (severity and intensity). Together, demonstration and indemnification yield statistical confidence that safety-critical code meets design intent. Statistical confidence is the keystone of quantitative product assurance. A secondary goal is resolving the conflict over the term risk. The first meaning is an accident model known in mathematics as the compound Poisson stochastic process, and so is called statistical risk. Various of its versions underlie the theories of safety and reliability. The second is called developmental risk. It considers software autonomy, which considers time until manual recovery of control. Once these meanings are separated, MIL-STD-882 can properly support either formal quantitative safety assurance or empirical process robustness, which differ in impact.

Logic in Computer Science

Francisco Poggi,Bruno Strulovici

DOI: https://doi.org/10.48550/arXiv.2012.05066

2020-12-09

Theoretical Economics

Abstract:How to guarantee that firms perform due diligence before launching potentially dangerous products? We study the design of liability rules when (i) limited liability prevents firms from internalizing the full damage they may cause, (ii) penalties are paid only if damage occurs, regardless of the product's inherent riskiness, (iii) firms have private information about their products' riskiness before performing due diligence. We show that (i) any liability mechanism can be implemented by a tariff that depends only on the evidence acquired by the firm if a damage occurs, not on any initial report by the firm about its private information, (ii) firms that assign a higher prior to product riskiness always perform more due diligence but less than is socially optimal, and (iii) under a simple and intuitive condition, any type-specific launch thresholds can be implemented by a monotonic tariff.

Alex G. H. Chu,Xingqiang Du,Guohua Jiang

DOI: https://doi.org/10.1007/s10551-011-0804-2

IF: 6.331

2011-01-01

Journal of Business Ethics

Abstract:In the Chinese stock market, special treatment (ST) firms are the firms listed as facing imminent danger of delisting, unless they return to profitability after reporting two consecutive annual losses. Some ST firms voluntarily pay substantial fees to their external auditors to conduct interim audits, which are not required by regulations. In this study, we investigate and find that ST firms that pay for voluntary interim audits report greater discretionary accrued earnings, higher non-operating earnings, and higher returns on assets in ensuing annual reports. As a result, these firms are more likely to return to profitability and reduce their delisting risk. Our results, which contribute to the current debate on auditor independence, appear to be consistent with the possibility that ST firms “buy” external auditors’ cooperation to manipulate earnings when faced with the threat of delisting.

Qinwen Hu,Muhammad Rizwan Asghar,Sherali Zeadally

DOI: https://doi.org/10.1007/s00607-021-00954-6

2021-05-20

Computing

Abstract:Over the years, software applications have captured a big market ranging from smart devices (smartphones, smart wearable devices) to enterprise resource management including Enterprise Resource Planning, office applications, and the entertainment industry (video games and graphics design applications). Protecting the copyright of software applications and protection from malicious software (malware) have been topics of utmost interest for academia and industry for many years. The standard solutions use the software license key or rely on the Operating System (OS) protection mechanisms, such as Google Play Protect. However, some end users have broken these protections to bypass payments for applications that are not free. They have done so by downloading the software from an unauthorised website or by jailbreaking the OS protection mechanisms. As a result, they cannot determine whether the software they download is malicious or not. Further, if the software is uploaded to a third party platform by malicious users, the software developer has no way of knowing about it. In such cases, the authenticity or integrity of the software cannot be guaranteed. There is also a problem of information transparency among software platforms. In this study, we propose an architecture that is based on blockchain technology for providing data transparency, release traceability, and auditability. Our goal is to provide an open framework to allow users, software vendors, and security practitioners to monitor misbehaviour and assess software vulnerabilities for preventing malicious software downloads. Specifically, the proposed solution makes it possible to identify software developers who have gone rogue and are potentially developing malicious software. Furthermore, we introduce an incentive policy for encouraging security engineers, victims and software owners to participate in collaborative works. The outcomes will ensure the wide adoption of a software auditing ecosystem in software markets, specifically for some mobile device manufacturers that have been banned from using the open-source OS such as Android. Consequently, there is a demand for them to verify the application security without completely relying on the OS-specific security mechanisms.

computer science, theory & methods

Fariborz Farahmand,Mikhail J. Mike Atallah,Eugene H. Spafford,Mikhail J. Atallah

DOI: https://doi.org/10.1109/tem.2012.2185801

IF: 8.702

2013-05-01

IEEE Transactions on Engineering Management

Abstract:Technologies and procedures for effectively securing the enterprise in cyberspace exist, but are largely underdeployed. Reasons for this shortcoming include the neglect of the role of stakeholder perceptions in organizational reward systems, and misaligned incentives for effective allocation of resources. We present a methodology for practitioners to employ, with examples for identification of perverse incentives—situations where the interests of a manager or employee are not aligned with those of the organization—and for estimation of the damage caused by incentive misalignment. We present our revision to the risk perception model developed by Fischhoff and Slovic. We also present the results of our findings from our interviews of 42 information security executives across the U.S. about the role of risk perception and incentives in information security decisions. We discuss how to identify and to correct misalignments, to develop efficient incentive structures, and to include perceptual principles and security governance in making information security a property of the organizational environment. This research contributes to the practice and theory of information security, and has several implications for practitioners and researchers in the alignment of incentives and symmetrization of information across organizations.

management,business,engineering, industrial

Albert Y. Ha,Weixin Shang,Yunjie Wang

DOI: https://doi.org/10.1287/mnsc.2022.4358

IF: 5.4

2022-06-18

Management Science

Abstract:We develop a game-theoretic model to study the incentive for competing manufacturers to share supplier audit information. Based on the audit information, each manufacturer decides whether to source from a common supplier who has uncertain responsibility violation risk or to switch to a backup supplier who has no responsibility violation risk but charges a higher price. When supplier responsibility violation occurs, some consumers boycott the manufacturers involved. Audit information allows a manufacturer to reduce the uncertainty about the risk of the common supplier. We show that audit information sharing may make the manufacturers’ sourcing strategies more or less differentiated. As a result, the information-sharing decision is not monotone in the model parameters. We fully characterize the manufacturers’ equilibrium audit information-sharing and sourcing decisions and establish conditions under which audit information sharing induces the manufacturers to adopt more or less responsible sourcing strategies. We also show that a manufacturer could be better off when the cost premium of sourcing from the backup supplier or the risk of the common supplier becomes higher or the audit information becomes less accurate. We consider several extensions of the base model and demonstrate that the main insights remain mostly valid. This paper was accepted by Charles Corbett, operations management.

management,operations research & management science

L. H. Nguyen,S. Lins,G. Du,A. Sunyaev

DOI: https://doi.org/10.5445/IR/1000175289

2024-11-27

Abstract:The rapid integration of Artificial Intelligence (AI)-based systems offers benefits for various domains of the economy and society but simultaneously raises concerns due to emerging scandals. These scandals have led to the increasing importance of AI accountability to ensure that actors provide justification and victims receive compensation. However, AI accountability has a negative connotation due to its emphasis on penalizing sanctions, resulting in reactive approaches to emerging concerns. To counteract the prevalent negative view and offer a proactive approach to facilitate the AI accountability behavior of developers, we explore rewards as an alternative mechanism to sanctions. We develop a theoretical model grounded in Self-Determination Theory to uncover the potential impact of rewards and sanctions on AI developers. We further identify typical sanctions and bug bounties as potential reward mechanisms by surveying related research from various domains, including cybersecurity.

Computers and Society

Kelechi G. Kalu,Tanya Singla,Chinenye Okafor,Santiago Torres-Arias,James C. Davis

2024-06-12

Abstract:Many software products are composed by the recursive integration of components from other teams or external parties. Each additional link in a software product's supply chain increases the risk of the injection of malicious behavior. To improve supply chain provenance, many cybersecurity frameworks, standards, and regulations recommend the use of software signing. However, recent surveys and measurement studies have found that the adoption rate and quality of software signatures are low. These findings raise questions about the practical application of software signing, the human factors influencing its adoption, and the challenges faced during its implementation. We lack in-depth industry perspectives on the challenges and practices of software signing. To understand software signing in practice, we interviewed 18 high-ranking industry practitioners across 13 organizations. We provide possible impacts of experienced software supply chain failures, security standards, and regulations on software signing adoption. We also study the challenges that affect an effective software signing implementation. To summarize our findings: (1) We present a refined model of the software supply chain factory model highlighting practitioner's signing practices; (2) We highlight the different challenges -- Technical, Organizational, and Human -- that hamper software signing implementation; (3) We report that expert subjects disagree on the importance of signing; (4) We describe how failure incidents and industry standards affect the adoption of software signing and other security techniques. Our findings contribute to the understanding of software supply chain security by highlighting the impact of human and organizational factors on Software Supply Chain risks and providing nuanced insights for effectively implementing Software Supply Chain security controls -- towards Software signing in practice.

Software Engineering,Cryptography and Security

Yanru Zhang,Xiang-Yang Li,Zhu Han

DOI: https://doi.org/10.1109/glocom.2017.8254090

2017-01-01

Abstract:Nowadays, cloud computing has been identified as new opportunities for migrating to the expected agility, reuse, and adaptive capabilities that can support the ever changing IT trends, requirements and environments. However, for benefits of their own, there are various motivations for cloud service providers (CSPs) to behave unfaithfully toward cloud customers, such as invading data privacy and providing inaccurate data processing results to customers. On the other hand, constrained by computation resources and capabilities, customers mostly cannot independently process big data and perform verification on correctness and completeness. Under this information asymmetry, how to ensure the correctness and completeness of data processing, computation, and mining becomes a practically crucial issue that greatly impacts the widely deployment of cloud computing, as well as the future Internet. Though verifiable computing provides us with approaches to verify the computation results. There is hardly an approach that can ensure a 100% detection accuracy. In this paper, the concept of using penalty to decrease CSP's incentive to cheat is proposed from a contract theoretical aspect, where cloud service customers can resort to an external auditor to verify the computation results when needed. Then, an auditing contract which consists of penalty and service fee is proposed so that the CSP will be fined when being found out cheating. Subsequently, the problem is formulated to solve the efficient contract under incomplete information market. Furthermore, we give the simulation results to show the audit contract improve the efficiency of the system.

Sixuan Dang,Sheng Cao,Jingwei Li,Xiaosong Zhang

DOI: https://doi.org/10.1002/int.22670

IF: 8.993

2021-01-01

International Journal of Intelligent Systems

Abstract:As the gig economy continues to grow, behaviors of workers on gig service platforms have an increasing impact on service satisfaction. For example, fatigue driving behaviors of drivers in ride-hailing platforms may cause serious damages, both for individuals and society. Therefore, regulating behaviors of workers is urgent and challenging. A lot of studies are conducted to detect workers' noncompliance behaviors, such as detecting fatigue driving by computer vision or pattern recognition methods. However, few of them indicate how to efficiently exploit the detection results to regulate workers' behaviors. In this paper, we point out that workers' noncompliance behaviors and their incomes should be correlated, and propose a quantifiable computation framework that includes a price-based incentive mechanism and a method to verify the effectiveness of the mechanism. Historical behaviors of workers are summarized as credits and stored in nonfungible token called CreditToken to ensure that it cannot be tampered with. CreditToken will further affect workers' incomes. We abstract the decision-making behavior of workers as a Markov decision process and demonstrate the effectiveness of the incentive mechanism with model checking and formal methods. The analysis shows that our framework is able to provide a rational price strategy formation for gig service platforms, and can be flexibly integrated into existing pricing schemes to maximize the value of the detection results. Extensive experiments illustrate the advanced nature and practicality of our framework.

Liurong Zhao,Xiaoxi Yu,Xinyu Zhou

DOI: https://doi.org/10.3934/mbe.2023841

2023-10-10

Abstract:There are various regulatory mechanisms to coordinate vulnerability disclosure behaviors during crowdsourcing cybersecurity testing. However, in the case of unclear regulatory effectiveness, enterprises cannot obtain sufficient vulnerability information, third-party crowdsourcing cybersecurity testing platforms fail to provide trusted services, and the government lacks strong credibility. We have constructed a tripartite evolutionary game model to analyze the evolutionary process of the equilibrium of {legal disclosure, active operation, strict regulation}, and the paper reveals the impact of three regulatory mechanisms. We find that these participants' positive behaviors are in a stable state. Higher initial willingness accelerates the speed of reaching the evolutionary stability of the system, and this equilibrium is satisfied only if the governmental regulatory benefits are sufficiently high. Regarding the punishment mechanism, increased punishment for enterprises causes them to adopt positive behaviors faster, while the opposite occurs for platforms; increased punishment for platforms drives both participants to adopt positive behaviors faster. Concerning the subsidy mechanism, increased subsidy to enterprises causes them to adopt legal disclosure behaviors faster, while platforms remain unresponsive; increased subsidy to platforms motivates both players to choose their own positive behaviors. In terms of the collaborative disclosure mechanism, excessive collaborative costs reduce the platforms' willingness to operate actively, which decreases the enterprises' incentives to disclose vulnerability legally. These findings guide the government to establish suitable mechanisms to regulate the participants' behavior and promote the healthy development of the cybersecurity crowdsourcing industry.

Merlin Stein,Milan Gandhi,Theresa Kriecherbauer,Amin Oueslati,Robert Trager

2024-09-04

Abstract:Artificial Intelligence (AI) Safety Institutes and governments worldwide are deciding whether they evaluate and audit advanced AI themselves, support a private auditor ecosystem or do both. Auditing regimes have been established in a wide range of industry contexts to monitor and evaluate firms' compliance with regulation. Auditing is a necessary governance tool to understand and manage the risks of a technology. This paper draws from nine such regimes to inform (i) who should audit which parts of advanced AI; and (ii) how much capacity public bodies may need to audit advanced AI effectively. First, the effective responsibility distribution between public and private auditors depends heavily on specific industry and audit conditions. On the basis of advanced AI's risk profile, the sensitivity of information involved in the auditing process, and the high costs of verifying safety and benefit claims of AI Labs, we recommend that public bodies become directly involved in safety critical, especially gray- and white-box, AI model evaluations. Governance and security audits, which are well-established in other industry contexts, as well as black-box model evaluations, may be more efficiently provided by a private market of evaluators and auditors under public oversight. Secondly, to effectively fulfill their role in advanced AI audits, public bodies need extensive access to models and facilities. Public bodies' capacity should scale with the industry's risk level, size and market concentration, potentially requiring 100s of employees for auditing in large jurisdictions like the EU or US, like in nuclear safety and life sciences.

Computers and Society