Description |
1 online resource (38 pages) : color illustrations |
Summary |
Cybersecurity, writ large, benefits enormously from an international community of researchers, hackers, and bug hunters. They find and disclose critical vulnerabilities, often responsibly, while working outside affected vendors or codebases. Yet, the policy debates that shape the legal environment around vulnerability disclosure often fail to consider cybersecurity as a function of both the supply of vulnerability research and the health of those research communities. This paper analyzes a series of Chinese regulatory changes altering vulnerability disclosure practices to assess their impact on the supply of research from China's significantly productive community. The paper examines disclosure data from a mix of proprietary and open-source codebases, looking across vendor and software types with a simple time-series analysis to look for the impact of recent Chinese regulations. The study of this data revealed that while national regulations do indeed affect the supply of vulnerability research under some circumstances, the effect is not as large, consistent, or discernible as might first be expected. The prospect of copycat regulations, however, motivates concluding policy recommendations focused on strengthening the health of the global vulnerability-research community and lowering barriers-to-entry for both research and disclosure. |
Bibliography |
Includes bibliographical references |
Notes |
Online resource; title from PDF title page (Atlantic Council, viewed September 19, 2022) |
Subject |
Disclosure of information -- Government policy -- China
Disclosure of information -- Law and legislation -- Evaluation
Computer networks -- Security measures.
Computer networks -- Security measures
Disclosure of information -- Government policy
China
Form |
Electronic book
Author |
Bracket, Sara Ann, author
Gambrill, Yumi, author
Nettles, Emmeline, author
Herr, Trey, author
Atlantic Council of the United States, publisher.
Cyber Statecraft Initiative
Digital Forensic Research Lab
ISBN |
9781619772472
1619772477