Responsible Vulnerability Disclosure in Cryptocurrencies

Cited by: 5
Authors
Boehme, Rainer [1]
Eckey, Lisa [2]
Moore, Tyler [3]
Narula, Neha [4]
Ruffing, Tim [5]
Zohar, Aviv [6]
Affiliations
[1] Univ Innsbruck, Comp Sci, Innsbruck, Austria
[2] Tech Univ Darmstadt, Darmstadt, Germany
[3] Univ Tulsa, Cyber Secur & Informat Assurance, Tulsa, OK 74104 USA
[4] MIT, Digital Currency Initiat, Cambridge, MA 02139 USA
[5] Blockstream, Darmstadt, Germany
[6] Hebrew Univ Jerusalem, Comp Sci, Jerusalem, Israel
Funding
National Science Foundation (United States);
DOI
10.1145/3372115
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
Despite the focus on operating in adversarial environments, cryptocurrencies have suffered several security and privacy problems. In this article, researchers focus on the disclosure process itself, which presents unique challenges compared to other software projects. They examine some recent disclosures and discuss difficulties that have arisen. Cryptocurrency software is complex and vulnerabilities can be readily, and anonymously, monetized. Responsible vulnerability disclosure in cryptocurrencies is challenging as decentralized systems, by design, give no single party authority to push code updates. This review of case studies informs recommendations for preventing catastrophic cryptocurrency failures. Design decisions, such as which protocol to implement or how to fix a vulnerability, must get support from most stakeholders to take effect.
Pages: 62 / 71
Page count: 10