Responsible Vulnerability Disclosure in Cryptocurrencies

被引：5

作者：

Boehme, Rainer ^{[1
]}

Eckey, Lisa ^{[2
]}

Moore, Tyler ^{[3
]}

Narula, Neha ^{[4
]}

Ruffing, Tim ^{[5
]}

Zohar, Aviv ^{[6
]}

机构：

[1] Univ Innsbruck, Comp Sci, Innsbruck, Austria

[2] Tech Univ Darmstadt, Darmstadt, Germany

[3] Univ Tulsa, Cyber Secur & Informat Assurance, Tulsa, OK 74104 USA

[4] MIT, Digital Currency Initiat, Cambridge, MA 02139 USA

[5] Blockstream, Darmstadt, Germany

[6] Hebrew Univ Jerusalem, Comp Sci, Jerusalem, Israel

来源：

COMMUNICATIONS OF THE ACM | 2020年 / 63卷 / 10期

基金：

美国国家科学基金会;

关键词：

D O I：

10.1145/3372115

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

Despite the focus on operating in adversarial environments, cryptocurrencies have suffered several security and privacy problems. In this article, researchers focus on the disclosure process itself, which presents unique challenges compared to other software projects. They examine some recent disclosures and discuss difficulties that have arisen. Cryptocurrency software is complex and vulnerabilities can be readily, and anonymously, monetized. Responsible vulnerability disclosure in cryptocurrencies is challenging as decentralized systems, by design, give no single party authority to push code updates. This review of case studies informs recommendations for preventing catastrophic cryptocurrency failures. Design decisions such as which protocol to implement or how to fix a vulnerability, must get support from most stakeholders to take effect.

引用

页码：62 / 71

页数：10

共 50 条

[1] From Responsible Disclosure Policy (RDP) towards State Regulated Responsible Vulnerability Disclosure Procedure (hereinafter - RVDP): The Latvian approach
Kinis, Uldis
[J]. COMPUTER LAW & SECURITY REVIEW, 2018, 34 (03) : 508 - 522
[2] Bug Bounty Marketplaces and Enabling Responsible Vulnerability Disclosure: An Empirical Analysis
Subramanian, Hemang Chamakuzhi
Malladi, Suresh
[J]. JOURNAL OF DATABASE MANAGEMENT, 2020, 31 (01) : 38 - 63
[3] RESPONSIBLE INFORMATION DISCLOSURE
Opris, Madalina Elena
[J]. PROCEEDINGS OF THE 7TH INTERNATIONAL CONFERENCE ACCOUNTING AND MANAGEMENT INFORMATION SYSTEMS (AMIS 2012), 2012, : 514 - 526
[4] Ethical Hacking for Boosting IoT Vulnerability Management: A First Look into Bug Bounty Programs and Responsible Disclosure
Ding, Aaron Yi
De Jesus, Gianluca Limon
Janssen, Marijn
[J]. PROCEEDINGS OF THE EIGHTH INTERNATIONAL CONFERENCE ON TELECOMMUNICATIONS AND REMOTE SENSING (ICTRS 2019), 2019, : 49 - 55
[5] RESPONSIBLE FINANCIAL INFORMATION DISCLOSURE
Domnisoru, Sorin
Gherghinescu, Oana
Ogarca, Radu
[J]. PROCEEDINGS OF THE IVTH INTERNATIONAL CONFERENCE ON GLOBALIZATION AND HIGHER EDUCATION IN ECONOMICS AND BUSINESS ADMINISTRATION - GEBA 2010, 2011, : 235 - 240
[6] Vulnerability Disclosure Considered Stressful
Moura, Giovane C. M.
Heidemann, John
[J]. ACM SIGCOMM COMPUTER COMMUNICATION REVIEW, 2023, 53 (02) : 3 - 10
[7] Anticipatory Ethics for Vulnerability Disclosure
Huskaj, Gazmend
Wilson, Richard L.
[J]. PROCEEDINGS OF THE 15TH INTERNATIONAL CONFERENCE ON CYBER WARFARE AND SECURITY (ICCWS 2020), 2020, : 254 - 261
[8] Economics of software vulnerability disclosure
Arora, A
Telang, R
[J]. IEEE SECURITY & PRIVACY, 2005, 3 (01) : 20 - 25
[9] New hurdles for vulnerability disclosure
McKinney, Dave
[J]. IEEE SECURITY & PRIVACY, 2008, 6 (02) : 76 - 78
[10] Efficiency of vulnerability disclosure mechanisms to disseminate vulnerability knowledge
Cavusoglu, Hasan
Cavusoglu, Huseyin
Raghunathan, Srinivasan
[J]. IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2007, 33 (03) : 171 - 185

← 1 2 3 4 5 →