International Journal of Scientific and Management Research

Crowdsourcing Cyber Resilience: A Community-Based Approach to Threat Chronicles and Zero-Day Defense

Arafat Bikadho, Tendai Nemure, Ruvimbo Mashinge, & Mazvita Madziyanike
Department of Cybersecurity, Yeshiva University, New York, USA
Department of Cybersecurity, Yeshiva University, New York, USA
Department of Cybersecurity, Yeshiva University, New York, USA
Department of Cybersecurity, Yeshiva University, New York, USA
DOI – http://doi.org/10.37502/IJSMR.2025.81217

Abstract

The accelerating complexity of cyber threats has exposed the limitations of traditional, prevention‑centric security models and underscored the need for adaptive, system‑wide cyber resilience. This article examines how crowdsourcing can serve as a transformative mechanism for strengthening cyber resilience through enhanced threat chronicles and more agile Zero‑Day defense. Drawing on resilience theory, collective intelligence research, and contemporary cybersecurity scholarship, the study develops a conceptual framework that integrates community‑driven collaboration into core defensive processes. Through qualitative analysis and detailed case studies – including SolarWinds, WannaCry, and Log4j – the article demonstrates that while threat chronicles and Zero‑Day defense are essential components of resilience, their current implementation remains constrained by centralized governance, limited participation, and fragmented information flows. The findings reveal that crowdsourcing offers significant potential to diversify threat intelligence sources, accelerate vulnerability discovery, and improve adaptive capacity. However, realizing this potential requires structured governance models, validation mechanisms, and cultural shifts toward shared responsibility. The article concludes by proposing a set of recommendations for operationalizing community‑based cyber resilience and outlines directions for future empirical research.

Keywords: Cyber resilience; crowdsourcing; threat chronicles; Zero‑Day vulnerabilities; Zero‑Day defense; collective intelligence; cybersecurity governance; community‑based security; threat intelligence; digital ecosystems.

References

• Apache Software Foundation. (2021). Apache Log4j security vulnerabilities. https://logging.apache.org/log4j/2.x/security.html
• Araujo, R., Silva, M., & Costa, C. (2024). Resilience in the context of cyber security. Journal of Information Security, 18(2), 45–62.
• Arshad, J., Talha, M., Saleem, B., Shah, Z., Zaman, H., & Muhammad, Z. (2024). A survey of bug bounty programs in strengthening cybersecurity and privacy in the blockchain industry. Blockchains, 2(3), 195–216. https://www.mdpi.com/2813-5288/2/3/10
• Bada, A., & Nurse, J. R. C. (2019). Developing cybersecurity education and awareness programmes for small- and medium-sized enterprises (SMEs). Information & Computer Security, 27(3), 393–410.
• Bilge, L., & Dumitras, T. (2012). Before we knew it: An empirical study of Zero‑Day attacks in the real world. Proceedings of the 2012 ACM Conference on Computer and Communications Security, 833–844.
• Braun, V., & Clarke, V. (2006). Using thematic analysis in psychology. Qualitative Research in Psychology, 3(2), 77–101.
• Charrier, C., Sadowski, J., Lecigne, C., & Stolyarov, V. (2025). Hello 0‑Days, My Old Friend: A 2024 Zero‑Day Exploitation Analysis. Google Threat Intelligence Group. https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends
• Check Point / Mitchelson, D. (2024). Key strategies for building cyber resilience in 2024. https://blog.checkpoint.com/executive-insights/key-strategies-for-building-cyber-resilience-in-2024/
• (2024). Cybersecurity Alerts & Advisories. Cybersecurity and Infrastructure Security Agency. https://www.cisa.gov/news-events/cybersecurity-advisories
• (2020). Advanced persistent threat compromise of government agencies, critical infrastructure, and private sector organizations (Alert AA20‑352A). Cybersecurity and Infrastructure Security Agency.
• (2024). CrowdStrike 2024 Global Threat Report. https://www.crowdstrike.com/en-us/resources/reports/crowdstrike-2024-global-threat-report/
• Dittrich, D., & Kenneally, E. (2012). The Menlo Report: Ethical principles guiding information and communication technology research. U.S. Department of Homeland Security.
• (2018). WannaCry ransomware: One year later. European Union Agency for Law Enforcement Cooperation.
• Finifter, M., Akhawe, D., & Wagner, D. (2013). An empirical study of vulnerability rewards programs. USENIX Security Symposium, 273–288.
• Kostyuk, N., & Wayne, C. (2021). The SolarWinds cyberattack: What happened and why it matters. Journal of Cybersecurity, 7(1), 1–12.
• IBM Security. (2024). Cost of a Data Breach Report 2024. https://www.ibm.com/reports/data-breach
• IOSR Journals. (2024). Zero‑Day Vulnerabilities and the Clandestine Exploits Market: A Comprehensive Analysis. https://www.iosrjournals.org/iosr-jhss/papers/Vol.30-Issue1/Ser-7/B3001071120.pdf
• Joinson, A. N., Dixon, M., Coventry, L., & Briggs, P. (2023). Development of a new “human cyber‑resilience scale.” Journal of Cybersecurity, 9(1), 1–10. https://academic.oup.com/cybersecurity/article/9/1/tyad007/7130095
• Linkov, I., Trump, B. D., Poinsatte‑Jones, K., & Florin, M. V. (2018). Governance strategies for a sustainable digital world. Sustainability, 10(2), 440.
• Malone, T. W., Laubacher, R., & Dellarocas, C. (2010). The collective intelligence genome. MIT Sloan Management Review, 51(3), 21–31. https://sloanreview.mit.edu/article/the-collective-intelligence-genome/
• (2023). NIST Cybersecurity Framework (CSF). National Institute of Standards and Technology. https://www.nist.gov/cyberframework
• Stouffer, K., Lightman, S., Pillitteri, V., Abrams, M., & Hahn, A. (2021). Guide to industrial control systems (ICS) security (NIST Special Publication 800‑82 Rev. 2). National Institute of Standards and Technology.
• Strom, B. E., Applebaum, A., Miller, D. P., Nickels, K. C., Pennington, A. G., & Thomas, C. B. (2018). MITRE ATT&CK: Design and philosophy. MITRE Corporation.
• Tzavara, A., & Vassiliadis, S. (2024). Tracing the evolution of cyber resilience. Journal of Cyber Policy, 9(1), 112–130.
• (2022). How VirusTotal works. https://www.virustotal.com
• World Economic Forum. (2022). Global cybersecurity outlook 2022. World Economic Forum.
• Zhang, Y., Wang, S., & Chen, X. (2020). Collective intelligence in cybersecurity: A systematic review. ACM Computing Surveys, 53(6), 1–36.