International Vulnerability Database Alliance as an Effective Vulnerability Disclosure Technique
نویسندگان
چکیده
Vulnerability is one of the key factors that cause security incidents and has become a major international threat to network security. Vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability disclosure or the disclosure of a vulnerability is the revelation of a vulnerability to the public at large. Previous work like Common Vulnerabilities and Exposures (CVE) offered to manage vulnerability. However, it had significant disadvantages in coverage and regional differences. The mechanisms of vulnerability disclosure in non-English speaking countries are less developed than the ones in English-speaking countries. International Vulnerability Database Alliance (IVDA) is proposed as an alliance model which consists of security organizations from different countries. IVDA provides an open channel for security organizations to share their efforts across the world. The evaluation of IVDA shows that the international alliance is rational and effective in vulnerability disclosure. Keywords-Network Security, Vulnerability, CVE,IVDA
منابع مشابه
Evaluation of Groundwater Vulnerability Using Data Mining Technique in Hashtgerd Plain
Groundwater vulnerability assessment would be one of the effective informative methods to provide a basis for determining source of pollution. Vulnerability maps are employed as an important solution in order to handle entrance of pollution into the aquifers. A common way to develop groundwater vulnerability map is DRASTIC. Meanwhile, application of the method is not easy for any aquifer due to...
متن کاملAn Empirical Analysis of Vendor Response to Disclosure Policy
Software vulnerability disclosure has generated intense interest and debate. In particular, there have been arguments made both in opposition to and in favor of alternatives such as full and instant disclosure and limited or no disclosure. An important consideration in this debate is the behavior of the software vendor. Does vulnerability disclosure policy have an effect on patch release behavi...
متن کاملImpact of Vulnerability Disclosure and Patch Availability - An Empirical Analysis
Vulnerability disclosure is an area of public policy that has been subject to considerable debate, particularly between proponents of full and instant disclosure, and those of limited or no disclosure. This paper is an attempt to empirically test the impact of vulnerability information disclosure and availability of patches on attackers’ tendency to exploit vulnerabilities on one hand and on th...
متن کاملESTIMATING THE VULNERABILITY OF THE CONCRETE MOMENT RESISTING FRAME STRUCTURES USING ARTIFICIAL NEURAL NETWORKS
Heavy economic losses and human casualties caused by destructive earthquakes around the world clearly show the need for a systematic approach for large scale damage detection of various types of existing structures. That could provide the proper means for the decision makers for any rehabilitation plans. The aim of this study is to present an innovative method for investigating the seismic vuln...
متن کاملEmerging Issues in Responsible Vulnerability Disclosure
Security vulnerability in software is the primary reason for security breaches, and an important challenge for IT professionals is how to manage the disclosure of vulnerability information. The IT security community has proposed several disclosure policies, such as full vendor, immediate public and hybrid, and has debated which of these should be adopted by coordinating agencies such as CERT. O...
متن کامل