University of Oulu > Faculty of Technology > Electrical and Information Engineering


OUSPG


Introducing constructive vulnerability disclosures

$RCSfile: index.html,v $ $Revision: 1.4 $ $Date: 2001/07/26 12:05:21 $

ABSTRACT

Product flaws that compromise information security emerge constantly, and a vivid debate is taking place on how these vulnerabilities should be handled. A partial disclosure concept, constructive disclosures, was introduced as an alternative to full disclosures and as a safety-net against reoccurring vulnerabilities of a similar kind. The proposed model was executed in a multi-vendor, multi-vulnerability case involving WAP gateway products. A complicated vulnerability case was successfully handled, with positive feedback. This result promotes the seeking of solid engineering practices that will take the vulnerability process beyond an art form.

Publication details and availability
Title: Introducing constructive vulnerability disclosures
Publication details: Laakso M., Takanen A., Röning J. "Introducing constructive vulnerability disclosures". In proceedings of the 13th FIRST Conference on Computer Security Incident Handling. Toulouse. June 17-22, 2001.
Availability:
[HTML] Full paper (revised, do not use for reference purposes)
[PDF] Full paper (original)
[PS] Full paper (original)
[PDF] Accompanying presentation (original)
[PS] Accompanying presentation (original) (gzip)
