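Abstract
Building on the explorations and practice of the Bush and Obama administrations, the Trump administration released a new "Vulnerabilities Equities Policy and Process" to clarify how the federal government discloses cyber security vulnerabilities. Its main provisions refine the vulnerability determination procedure, make the determination considerations public, expand "multi-stakeholder" participation, and retain more exceptions, in an effort to improve transparency and strengthen accountability. The "Vulnerabilities Equities Policy and Process" improves the United States' vulnerability management system to a certain extent, and it is also an important reference for building our own vulnerability management mechanisms and improving our capabilities.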
Based on the practice of the Bush and Obama administrations, the Trump administration has released a new and improved Vulnerabilities Equities Process (VEP) to clarify how various federal agencies disclose serious cyber security vulnerabilities and to improve transparency and accountability, including refining the determination process, disclosing determination considerations, expanding multi-stakeholder participation and retaining more exceptions. The VEP will apparently improve the United States' vulnerability management system, which is an important reference for our vulnerability management and capacity building.
Authors
桂畅旎
杨婧婧
李维杰
GUI Chang-ni; YANG Jing-jing; LI Wei-jie (China Information Technology Security Evaluation Center, Beijing 100085, China)
Source
《信息安全与通信保密》
2018, Issue 1, pp. 43-51 (9 pages)
Information Security and Communications Privacy
Keywords
Vulnerability
Vulnerabilities Equities Process
transparency
cyber security