Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/08/more_on_the_vul.html
The Open Technology Institute of the New America Foundation has released a policy paper on the vulnerabilities equities process: “Bugs in the System: A Primer on the Software Vulnerability Ecosystem and its Policy Implications.”
Their policy recommendations:
- Minimize participation in the vulnerability black market.
- Establish strong, clear procedures for disclosure when it discovers and acquires vulnerability.
- Establish rules for government hacking.
- Support bug bounty programs.
- Reform the DMCA and CFAA so they encourage responsible vulnerability disclosure.
It’s a good document, and worth reading.