Why fair disclosure is so difficult

Cited by: 0
Author
Bradbury, Danny
Keywords
Compendex;
DOI
10.1016/S1361-3723(15)30100-7
Abstract
It can be difficult for people to keep a secret at the best of times, and this is particularly true in the world of cyber-security. The whole industry rests on secrets, but some of them must be disclosed to make the user community safer. Disclosure of security flaws is a complicated and tense process, both for the researchers that discover them, and for the vendors that must fix them. Approaches range from full disclosure, where everything is made open immediately, through to fair disclosure, where information is made available on an agreed schedule. There are many nuances in between. Danny Bradbury explores the continuum of disclosure, and analyses some strengths and weaknesses along the way. © 2015 Elsevier Ltd.
Pages: 5 / 8
Page count: 3
Related papers
14 in total
  • [1] Schneier B., 'Full Disclosure'. Cryptogram, Schneier on Security Blog, November 2001
  • [2] Grubb B., 'Heartbleed Disclosure Timeline: Who Knew What and When'. Sydney Morning Herald, April 2014
  • [3] Engineering and Technology History Wiki, IEEE, (1987)
  • [4] Vanderbilt T., 'The Lock Pickers'. Slate, March 2013
  • [5] 'Data Breach Investigations Report 2015'. Verizon, April 2015
  • [6] Mimoso M., 'Hacking Team Flash Zero Day Weaponized in Exploit Kits'. Threatpost, 8 Jul 2015
  • [7] Rain Forest Puppy, RFPolicy 2.0
  • [8] Vulnerability Disclosure Policy, CERT
  • [9] Zetter K., 'Kaminsky on How He Discovered DNS Flaw and More'. Wired, July 2008
  • [10] 'Feedback and Data-driven Updates to Google's Disclosure Policy'. Google Project Zero Blog, February 2015