FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2231349224> ?p ?o ?g. }

• W2231349224 abstract "Computing has become increasingly ubiquitous and embedded (as demonstrated by industrial control systems, in-vehicle systems, in-home care systems, and within the energy and transportation infrastructures). As a result, the issue of responsible vulnerability disclosure has returned to the fore. These new computing contexts require revisiting the nature of vulnerabilities and redefining responsible disclosure. The first goal of this work is to critique current disclosure practices. Based upon these critiques, grounded in the history of vulnerabilities, and informed by a series of expert interviews, we propose a model of risk-based responsible disclosure.Research on vulnerability disclosure policy was an early focus in economics of security, particularly until 2006. That earlier research, however, reasonably assumed models of computers that were applicable to desktops, laptops, and servers. That is, there is a centralized source of patches, patching is possible in a very short time frame, patching is low cost, and the issue of physical harm need not be addressed. Current disagreements arise in part from the increasing diversity of both vulnerabilities and their potential impact. There are some clear lines. For example, it is not acceptable to disclose a vulnerability by implementing it and causing harm to victims. There are also well-known reasons for disclosure, specifically for creating incentives for vendors to patch and diffusing information to potential victims for their use in risk mitigation.The trade-offs between transparency and confidentiality are increasingly complex. Responsible disclosure must be equitable: informing the marketplace, incentivizing software manufacturers to patch flaws, protecting vulnerable populations, and simultaneously minimizing the opportunities for malicious actors. To understand and resolve these challenges, we begin with the current state of vulnerability research. Stepping back provides a high-level historical perspective from the first identifiable vulnerability in a mass-produced device (beyond the canonical physical bugs in the first highly custom computers) to the Superfish malware in 2015. We describe extant models of disclosure, identifying the strengths and weaknesses of each of these. After that, we summarize factors previously used as vulnerability (and thus disclosure) metrics. These historical analyses and technical critiques are augmented by a series of interviews with technology and policy experts.For the vast majority of vulnerabilities, the questions of public disclosure are not “if” but rather when and at what level of detail. We conclude that there is now no single optimal disclosure regime. Given this, we advocate for a model of disclosure grounded in risk-based analysis. Such an analysis should be complete and deterministic for a given context. We propose the factors necessary for such a systematic analysis. We then use well-known cases to test the framework and provide illustrative but practical examples." @default.
• W2231349224 created "2016-06-24" @default.
• W2231349224 creator A5014988266 @default.
• W2231349224 creator A5086270015 @default.
• W2231349224 date "2015-01-01" @default.
• W2231349224 modified "2023-10-18" @default.
• W2231349224 title "Risk-Based Vulnerability Disclosure: Towards Optimal Policy" @default.
• W2231349224 cites W141628768 @default.
• W2231349224 cites W1971733255 @default.
• W2231349224 cites W1979820341 @default.
• W2231349224 cites W2059677378 @default.
• W2231349224 cites W2100505193 @default.
• W2231349224 cites W2116520617 @default.
• W2231349224 cites W2121838224 @default.
• W2231349224 cites W2136151078 @default.
• W2231349224 cites W2155597028 @default.
• W2231349224 cites W2158025026 @default.
• W2231349224 cites W2160258502 @default.
• W2231349224 cites W2162373348 @default.
• W2231349224 cites W2179301997 @default.
• W2231349224 cites W2404090337 @default.
• W2231349224 cites W2408418871 @default.
• W2231349224 cites W2408452443 @default.
• W2231349224 cites W3121589495 @default.
• W2231349224 cites W3123365097 @default.
• W2231349224 cites W3125291610 @default.
• W2231349224 cites W5599292 @default.
• W2231349224 cites W75112030 @default.
• W2231349224 doi "https://doi.org/10.2139/ssrn.2601191" @default.
• W2231349224 hasPublicationYear "2015" @default.
• W2231349224 type Work @default.
• W2231349224 sameAs 2231349224 @default.
• W2231349224 citedByCount "1" @default.
• W2231349224 crossrefType "journal-article" @default.
• W2231349224 hasAuthorship W2231349224A5014988266 @default.
• W2231349224 hasAuthorship W2231349224A5086270015 @default.
• W2231349224 hasConcept C112930515 @default.
• W2231349224 hasConcept C144133560 @default.
• W2231349224 hasConcept C162118730 @default.
• W2231349224 hasConcept C38652104 @default.
• W2231349224 hasConcept C41008148 @default.
• W2231349224 hasConcept C95713431 @default.
• W2231349224 hasConceptScore W2231349224C112930515 @default.
• W2231349224 hasConceptScore W2231349224C144133560 @default.
• W2231349224 hasConceptScore W2231349224C162118730 @default.
• W2231349224 hasConceptScore W2231349224C38652104 @default.
• W2231349224 hasConceptScore W2231349224C41008148 @default.
• W2231349224 hasConceptScore W2231349224C95713431 @default.
• W2231349224 hasLocation W22313492241 @default.
• W2231349224 hasOpenAccess W2231349224 @default.
• W2231349224 hasPrimaryLocation W22313492241 @default.
• W2231349224 hasRelatedWork W127007545 @default.
• W2231349224 hasRelatedWork W1300619 @default.
• W2231349224 hasRelatedWork W2033238208 @default.
• W2231349224 hasRelatedWork W2065652321 @default.
• W2231349224 hasRelatedWork W2073510031 @default.
• W2231349224 hasRelatedWork W2118094739 @default.
• W2231349224 hasRelatedWork W2165979087 @default.
• W2231349224 hasRelatedWork W2379513284 @default.
• W2231349224 hasRelatedWork W2737684287 @default.
• W2231349224 hasRelatedWork W4295181103 @default.
• W2231349224 isParatext "false" @default.
• W2231349224 isRetracted "false" @default.
• W2231349224 magId "2231349224" @default.
• W2231349224 workType "article" @default.