{"title":"看到什么,说什么?协调加拿大基础设施安全漏洞的披露","authors":"Yuan Stevens, S. Tran, Ryan Atkinson","doi":"10.1109/istas52410.2021.9629214","DOIUrl":null,"url":null,"abstract":"Ill-intentioned actors are rapidly developing the means to exploit vulnerabilities in the software and infrastructure of governments around the world. Numerous jurisdictions now facilitate coordinated vulnerability disclosure for such public systems, providing good faith security researchers a predictable and cooperative process to disclose security vulnerabilities for patching before they are exploited. This study identifies that Canada may be falling behind its global peers by failing to implement such reporting procedures. It indicates the need for a straightforward vulnerability disclosure and remediation path involving federal systems, linked to improved legal frameworks and government policies for security vulnerability discovery and disclosure in Canada and beyond.","PeriodicalId":314239,"journal":{"name":"2021 IEEE International Symposium on Technology and Society (ISTAS)","volume":"76 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"See something, say something? Coordinating the disclosure of security vulnerabilities in Canada’s infrastructure\",\"authors\":\"Yuan Stevens, S. Tran, Ryan Atkinson\",\"doi\":\"10.1109/istas52410.2021.9629214\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Ill-intentioned actors are rapidly developing the means to exploit vulnerabilities in the software and infrastructure of governments around the world. Numerous jurisdictions now facilitate coordinated vulnerability disclosure for such public systems, providing good faith security researchers a predictable and cooperative process to disclose security vulnerabilities for patching before they are exploited. This study identifies that Canada may be falling behind its global peers by failing to implement such reporting procedures. It indicates the need for a straightforward vulnerability disclosure and remediation path involving federal systems, linked to improved legal frameworks and government policies for security vulnerability discovery and disclosure in Canada and beyond.\",\"PeriodicalId\":314239,\"journal\":{\"name\":\"2021 IEEE International Symposium on Technology and Society (ISTAS)\",\"volume\":\"76 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE International Symposium on Technology and Society (ISTAS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/istas52410.2021.9629214\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE International Symposium on Technology and Society (ISTAS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/istas52410.2021.9629214","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
See something, say something? Coordinating the disclosure of security vulnerabilities in Canada’s infrastructure
Ill-intentioned actors are rapidly developing the means to exploit vulnerabilities in the software and infrastructure of governments around the world. Numerous jurisdictions now facilitate coordinated vulnerability disclosure for such public systems, providing good faith security researchers a predictable and cooperative process to disclose security vulnerabilities for patching before they are exploited. This study identifies that Canada may be falling behind its global peers by failing to implement such reporting procedures. It indicates the need for a straightforward vulnerability disclosure and remediation path involving federal systems, linked to improved legal frameworks and government policies for security vulnerability discovery and disclosure in Canada and beyond.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
