Article in ssrn electronic Journal · July 015 doi: 10. 2139/ssrn. 2634590 citations 32 reads 1,108 author: Some of the authors of this publication are also working on these related projects

Reduce the ability of state security agencies to retain

Download 1,22 Mb. Pdf ko'rish bet 31/39 Sana 14.06.2022 Hajmi 1,22 Mb. #670202

Bu sahifa navigatsiya:

• Develop international agreements on spam, phishing emails and other forms of web-based attacks.

Reduce the ability of state security agencies to retain  zero-day exploits for law enforcement or national  security purposes by requiring that they be disclosed to  the software developer within a reasonable timeframe. 19 The US National Security Agency’s (NSA’s) policy toward  zero-day vulnerabilities is one example of the problem  of retention by state agencies. According to government  sources, the NSA apparently must tell a company that it  has discovered a zero-day exploit in its system (Zetter  2014). The major caveat to this requirement is that the NSA  can closely guard its knowledge of the zero-day exploit if  national security or law enforcement needs dictate (ibid.).  Many, if not most, computer programs can be used the  world over, so a zero-day exploit in nearly any program  can theoretically have national security or law enforcement  purposes because it could be used by adversaries of the  United States. In the interregnum, while governments sit  on zero-day exploits waiting for the chance to use them, the  vulnerabilities can also be discovered by criminal elements  and used to launch cyber attacks. Creating stricter rules  around the disclosure of zero-day exploits, likely along the  lines of a reasonable time frame for retention, perhaps on  the order of six months to one year after discovery, would  help limit the use of these exploits for criminal purposes.  Develop international agreements on spam, phishing  emails and other forms of web-based attacks.  Some  agreements, particularly to do with spam, already exist. As  the Internet spreads globally, the reach of these agreements  must also spread. Bringing new nations into the potential  agreements is also needed. In the case of some attacks, such  as DDoS attacks, no agreement exists and there is much  more to be done. Figuring out uniform rules to govern  these different forms of cyber attack is an important step  going forward.  Download 1,22 Mb. Do'stlaringiz bilan baham: