Abstract
Information disclosure policy and information sharing for cyber security vulnerabilities are core matters of vulnerability governance, and how to govern them more effectively is a question of concern to many researchers. This paper studies the distribution of enterprises in the cyber security vulnerability industry in order to discuss regulatory factors and regulatory methods. It first summarizes the basic characteristics of vulnerabilities and the reasons they arise, and delimits the vulnerability life cycle, which corresponds to three stages of vulnerability information: discovery, disclosure and utilization. Drawing on a research framework for the vulnerability industry, it describes the development process of vulnerability industrialization, supplemented by a summary and prediction of the industry's possible development trends. It focuses on dividing the vulnerability industry into four parts (vendors, vulnerability discovery, vulnerability platforms and vulnerability utilization) and discusses feasible regulatory factors for each in turn. Finally, it offers suggestions on regulatory factors and regulatory methods for the vulnerability industry.
Source
《信息安全与通信保密》
2017, Issue 3, pp. 22-38 (17 pages)
Information Security and Communications Privacy
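Funding
Supported by the Open Project of the Key Laboratory of Information Network Security, Ministry of Public Security (Project No. C15605)
Keywords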
Vulnerability
life cycle of vulnerabilities
vulnerabilities industry
regulation of industry