Srl | Item |
1 |
ID:
192522
|
|
|
Summary/Abstract |
Zero-day vulnerabilities are software and hardware flaws that are unknown to computer vendors. As powerful means of carrying out cyber intrusions, such vulnerabilities present a dilemma for governments. Actors that develop or procure such vulnerabilities may retain them for future use; alternatively, agencies possessing such vulnerabilities may disclose the flaws to affected vendors so they can be patched, thereby denying vulnerabilities not only to adversaries but also themselves. Previous research has explored the ethics and implications of this dilemma, but no study has investigated public opinion regarding zero-day exploits. We present results from a survey experiment testing whether conditions identified as important in the literature influence respondents’ support for disclosing or stockpiling zero-day vulnerabilities. Our results show that respondents overwhelmingly support disclosure, a conclusion only weakly affected by the likelihood that an adversary will independently discover the vulnerability. Our findings suggest a gap between public preferences and current U.S. policy.
|
|
|
|
|
|
|
|
|
|
2 |
ID:
186764
|
|
|
3 |
ID:
150177
|
|
|
4 |
ID:
146361
|
|
|
Publication |
New Delhi, Pentagon Press, 2016.
|
Description |
xiv, 346p.hbk
|
Standard Number |
9788182749184
|
|
|
|
|
|
|
Copies: C:2/I:0,R:0,Q:0
Circulation
Accession# | Call# | Current Location | Status | Policy | Location |
058748 | 005.8/SAM 058748 | Main | On Shelf | General | |
058749 | 005.8/SAM 058749 | Main | On Shelf | General | |
|
|
|
|
5 |
ID:
171961
|
|
|
Summary/Abstract |
By implementing novel intelligence techniques in cyberspace, security and intelligence agencies have become major actors in the cybersecurity landscape. As they no longer just passively gather information for their governments but conduct both defense and offense operations in cyberspace, they signal international actors that their conduct is at least tolerable, even if not officially acceptable. Thereby, the intelligence agencies generate norms for the rest of the international community. Yet, they remain under the international regulation radar for being sub-state entities. Consequently, the main argument of this article is the following: To prevent the hollowing-out of cyber regulation efforts, the norm-setting role of intelligence actors should be taken into account when designing cyber norms.
|
|
|
|
|
|
|
|
|
|