Automated Responsible Disclosure of Security Vulnerabilities

Andrea Lisi*, Prateeti Mukherjee, Laura De Santis, Lei Wu, Dmitrij Lagutin, Yki Kortesniemi

*Tämän työn vastaava kirjoittaja

Tutkimustuotos: LehtiartikkeliArticleScientificvertaisarvioitu

9 Lataukset (Pure)

Abstrakti

The disclosure of security vulnerabilities plays an important role in notifying vendors and the public about flaws in digital systems. Among the proposed disclosure approaches, the most utilized is Responsible Disclosure, which still suffers from several disadvantages such as fostering a false sense of security among the end-users, allowing arbitrary delays in the disclosure process, and forcing the party reporting a vulnerability to identify themselves, which has been exploited by vendors through intimidation and malpractice. To address these issues, this paper presents an improved version of the Responsible Disclosure approach called Automated Responsible Disclosure (ARD) - a solution that leverages distributed ledgers and interledger technologies to automate the disclosure process while offering increased security, privacy, and transparency. A prototype implementation has been released as open-source software, and the evaluation of the solution shows that ARD is capable of addressing the key shortcomings in existing solutions and fostering more transparent disclosure practices.

AlkuperäiskieliEnglanti
Sivut10472-10489
Sivumäärä18
JulkaisuIEEE Access
Vuosikerta10
Varhainen verkossa julkaisun päivämäärä13 marrask. 2021
DOI - pysyväislinkit
TilaJulkaistu - 2022
OKM-julkaisutyyppiA1 Julkaistu artikkeli, soviteltu

Sormenjälki

Sukella tutkimusaiheisiin 'Automated Responsible Disclosure of Security Vulnerabilities'. Ne muodostavat yhdessä ainutlaatuisen sormenjäljen.

Siteeraa tätä