S. Diop, J. D. Ndibwile, Doudou Fall, S. Kashihara, Y. Kadobayashi
Title: To Coerce or Not to Coerce? A Quantitative Investigation on Cybersecurity and Cybercrime Legislations Towards Large-Scale Vulnerability Notifications
Published in: 2019 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)
Publication date: 2019-10-01
DOI: 10.1109/ISSREW.2019.00085 (https://doi.org/10.1109/ISSREW.2019.00085)
Citations: 4
Abstract
The rise of large-scale vulnerability scanners, which make the detection of vulnerabilities easy, has recently drawn the attention of the security community. This has led to multiple studies on the effectiveness of large-scale vulnerability notifications as a countermeasure, and several studies have examined the different factors that could impact that effectiveness and how they could incite people to apply vulnerability fixing steps. We contend that using a legal constraint could improve the vulnerability fixing rate. In this paper, we survey the Cybersecurity and Cybercrime Legislations of 156 countries, looking for Articles that consider the liability of vulnerable resource owners. We discovered that only two countries required companies, regardless of the industry, to implement cybersecurity measures and conduct vulnerability assessments. This study aims to define a more effective large-scale vulnerability notification system using Cybersecurity and Cybercrime Laws.