Normal view MARC view ISBD view

Backwards from zero: how the U.S public evaluates the use of zero-day vulnerabilities in cybersecurity/ Marcelo M. Leal and Paul Musgrave

By:

LEAL Marcelo M

Contributor(s):

MUSGRAVE Paul M

Material type: Text

TextPublication details: 2023Subject(s):

CYBERSECURITY POLICY

Online resources:

click here for full text

In: Contemporary Security Policy Vol 44, No 3, July 2023, pp437-461Summary: Zero-day vulnerabilities are software and hardware flaws that are unknown to computer vendors. As powerful means of carrying out cyber intrusions, such vulnerabilities present a dilemma for governments. Actors that develop or procure such vulnerabilities may retain them for future use; alternatively, agencies possessing such vulnerabilities may disclose the flaws to affected vendors so they can be patched, thereby denying vulnerabilities not only to adversaries but also themselves. Previous research has explored the ethics and implications of this dilemma, but no study has investigated public opinion regarding zero-day exploits. We present results from a survey experiment testing whether conditions identified as important in the literature influence respondents' support for disclosing or stockpiling zero-day vulnerabilities. Our results show that respondents overwhelmingly support disclosure, a conclusion only weakly affected by the likelihood that an adversary will independently discover the vulnerability. Our findings suggest a gap between public preferences and current U.S. policy.

Tags from this library: No tags from this library for this title. Log in to add tags.

Average rating: 0.0 (0 votes)

Holdings
Item type	Current library	Call number	Copy number	Status	Date due	Barcode
Journal Article	Mindef Library & Info Centre Journals	CYBERSEC (Browse shelf(Opens below))	1	Not for loan		70177-1001

Browsing Mindef Library & Info Centre shelves, Shelving location: Journals Close shelf browser (Hides shelf browser)

Previous								Next
Previous	CYBERCRIME Cybercrime at a scale : a practical study of deployments of HTTP-based botnet command and control panels/	CYBERSEC Bilateral alliances in an interconnected cyber world: cyber deterrence and operational control in the US Indo-Pacific strategy/	CYBERSEC Drawing a line: digital transnational repression against political exiles and host state sovereignty/	CYBERSEC Backwards from zero: how the U.S public evaluates the use of zero-day vulnerabilities in cybersecurity/	CYBERSECURITY Defending the new Silk Road/	CYBERSECURITY The role of a 'cyber czar'/	CYBERSECURITY Know the enemy/	Next

Zero-day vulnerabilities are software and hardware flaws that are unknown to computer vendors. As powerful means of carrying out cyber intrusions, such vulnerabilities present a dilemma for governments. Actors that develop or procure such vulnerabilities may retain them for future use; alternatively, agencies possessing such vulnerabilities may disclose the flaws to affected vendors so they can be patched, thereby denying vulnerabilities not only to adversaries but also themselves. Previous research has explored the ethics and implications of this dilemma, but no study has investigated public opinion regarding zero-day exploits. We present results from a survey experiment testing whether conditions identified as important in the literature influence respondents' support for disclosing or stockpiling zero-day vulnerabilities. Our results show that respondents overwhelmingly support disclosure, a conclusion only weakly affected by the likelihood that an adversary will independently discover the vulnerability. Our findings suggest a gap between public preferences and current U.S. policy.

CYBERSEC

There are no comments on this title.

to post a comment.