Automated Responsible Disclosure of Security Vulnerabilities
Access rights
openAccess
A1 Original article in a scientific journal
This publication is imported from Aalto University research portal.
Date
2021-11-08
Language
en
Pages
18
10472-10489
Series
IEEE Access, Volume 10
Abstract
The disclosure of security vulnerabilities plays an important role in notifying vendors and the public about flaws in digital systems. Among the proposed disclosure approaches, the most utilized is Responsible Disclosure, which still suffers from several disadvantages such as fostering a false sense of security among the end-users, allowing arbitrary delays in the disclosure process, and forcing the party reporting a vulnerability to identify themselves, which has been exploited by vendors through intimidation and malpractice. To address these issues, this paper presents an improved version of the Responsible Disclosure approach called Automated Responsible Disclosure (ARD) - a solution that leverages distributed ledgers and interledger technologies to automate the disclosure process while offering increased security, privacy, and transparency. A prototype implementation has been released as open-source software, and the evaluation of the solution shows that ARD is capable of addressing the key shortcomings in existing solutions and fostering more transparent disclosure practices.
Description
| openaire: EC/H2020/779984/EU//SOFIE
Keywords
Distributed ledger, Privacy, Computer bugs, Smart contracts, Public transportation, Prototypes, Peer-to-peer computing
Citation
Lisi, A, Mukherjee, P, Santis, L D, Wu, L, Lagutin, D & Kortesniemi, Y 2021, 'Automated Responsible Disclosure of Security Vulnerabilities', IEEE Access, vol. 10, pp. 10472-10489. https://doi.org/10.1109/ACCESS.2021.3126401