Matches in DBpedia 2016-04 for { <http://wikidata.dbpedia.org/resource/Q613868> ?p ?o }
Showing triples 1 to 27 of 27 with 100 triples per page.
- Q613868 subject Q8408035.
- Q613868 abstract "Responsible disclosure is a computer security term describing a vulnerability disclosure model. It is like full disclosure, with the addition that all stakeholders agree to allow a period of time for the vulnerability to be patched before publishing the details. Developers of hardware and software often require time and resources to repair their mistakes. Hackers and computer security scientists have the opinion that it is their social responsibility to make the public aware of vulnerabilities with a high impact. Hiding these problems could cause a feeling of false security. To avoid this, the involved parties join forces and agree on a period of time for repairing the vulnerability and preventing any future damage. Depending on the potential impact of the vulnerability, the expected time needed for an emergency fix or workaround to be developed and applied and other factors, this period may vary between a few days and several months. It is easier to patch software by using the Internet as a distribution channel. Responsible disclosure fails to satisfy security researchers who expect to be financially compensated, while reporting vulnerabilities to the vendor with the expectation of compensation might be viewed as extortion. While a market for vulnerabilities has developed, vulnerability commercialization remains a hotly debated topic tied to the concept of vulnerability disclosure. Today, the two primary players in the commercial vulnerability market are iDefense, which started their vulnerability contributor program (VCP) in 2003, and TippingPoint, with their zero-day initiative (ZDI) started in 2005. These organisations follow the responsible disclosure process with the material bought. Between March 2003 and December 2007 an average 7.5% of the vulnerabilities affecting Microsoft and Apple were processed by either VCD or ZDI.
Independent firms financially supporting responsible disclosure by paying bug bounties include Facebook, Google, Mozilla, and Barracuda Networks. Vendor-sec was a responsible disclosure mailing list. Many, if not all, of the CERT groups coordinate responsible disclosures. Selected security vulnerabilities resolved by applying responsible disclosure: Dan Kaminsky discovery of DNS cache poisoning, 5 months; Radboud University Nijmegen breaks the security of the MIFARE Classic cards, 6 months; MBTA vs. Anderson, MIT students find vulnerability in the Massachusetts subway security, 5 months; MD5 collision attack that shows how to create false CA certificates, 1 week; Starbucks gift card double-spending/race condition to create free extra credits, 10 days (Egor Homakov)".
- Q613868 wikiPageWikiLink Q1122253.
- Q613868 wikiPageWikiLink Q1405976.
- Q613868 wikiPageWikiLink Q1785366.
- Q613868 wikiPageWikiLink Q185235.
- Q613868 wikiPageWikiLink Q208218.
- Q613868 wikiPageWikiLink Q2798820.
- Q613868 wikiPageWikiLink Q3427818.
- Q613868 wikiPageWikiLink Q3510521.
- Q613868 wikiPageWikiLink Q355.
- Q613868 wikiPageWikiLink Q3700500.
- Q613868 wikiPageWikiLink Q37158.
- Q613868 wikiPageWikiLink Q4863194.
- Q613868 wikiPageWikiLink Q631425.
- Q613868 wikiPageWikiLink Q632004.
- Q613868 wikiPageWikiLink Q6784199.
- Q613868 wikiPageWikiLink Q75.
- Q613868 wikiPageWikiLink Q7808927.
- Q613868 wikiPageWikiLink Q7919636.
- Q613868 wikiPageWikiLink Q8408035.
- Q613868 wikiPageWikiLink Q842234.
- Q613868 wikiPageWikiLink Q92673.
- Q613868 wikiPageWikiLink Q95.
- Q613868 wikiPageWikiLink Q9661.
- Q613868 comment "Responsible disclosure is a computer security term describing a vulnerability disclosure model. It is like full disclosure, with the addition that all stakeholders agree to allow a period of time for the vulnerability to be patched before publishing the details. Developers of hardware and software often require time and resources to repair their mistakes.".
- Q613868 label "Responsible disclosure".