Responsible Vulnerability Disclosure in Cryptocurrencies

Cited by: 5

Authors
Boehme, Rainer [1]
Eckey, Lisa [2]
Moore, Tyler [3]
Narula, Neha [4]
Ruffing, Tim [5]
Zohar, Aviv [6]
Affiliations
[1] Univ Innsbruck, Comp Sci, Innsbruck, Austria
[2] Tech Univ Darmstadt, Darmstadt, Germany
[3] Univ Tulsa, Cyber Secur & Informat Assurance, Tulsa, OK 74104 USA
[4] MIT, Digital Currency Initiat, Cambridge, MA 02139 USA
[5] Blockstream, Darmstadt, Germany
[6] Hebrew Univ Jerusalem, Comp Sci, Jerusalem, Israel
Funding
U.S. National Science Foundation
DOI
10.1145/3372115
Chinese Library Classification number
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract
Despite the focus on operating in adversarial environments, cryptocurrencies have suffered several security and privacy problems. In this article, researchers focus on the disclosure process itself, which presents unique challenges compared to other software projects. They examine some recent disclosures and discuss difficulties that have arisen. Cryptocurrency software is complex and vulnerabilities can be readily, and anonymously, monetized. Responsible vulnerability disclosure in cryptocurrencies is challenging as decentralized systems, by design, give no single party authority to push code updates. This review of case studies informs recommendations for preventing catastrophic cryptocurrency failures. Design decisions, such as which protocol to implement or how to fix a vulnerability, must get support from most stakeholders to take effect.
Pages: 62-71
Number of pages: 10