| 安全漏洞的公开交易管理体制及其风险分析 |
| |
| 引用本文: | 熊琦,刘晖,易锦,刘林,张涛.安全漏洞的公开交易管理体制及其风险分析[J].清华大学学报(自然科学版),2011(10):1369-1374. |
| |
| 作者姓名: | 熊琦 刘晖 易锦 刘林 张涛 |
| |
| 作者单位: | 中国信息安全测评中心; |
| |
| 基金项目: | 国家自然科学基金资助项目(90818021) |
| |
| 摘 要: | 针对漏洞管理机制的复杂特性,在对现有漏洞管理体制进行多层次、多角度分析的基础上,总结利弊提出了一种基于公开交易的漏洞管理机制的设想,对其交易流程进行了阐述,并使用PEST-SWOT方法对其进行风险分析,综合考虑了政治P、经济E、社会S、技术T等因素,比较分析了机制的优势S、劣势W、机遇O、挑战T,提出了一系列业务战略,给出了规避风险、提高其可用性的具体措施。
|
| 关 键 词: | 安全漏洞 漏洞交易 漏洞验证 PEST-SWOT风险管理 |
Risk of the vulnerability management mechanisms based on public trading |
| |
| XIONG Qi,LIU Hui,YI Jin,LIU Lin,ZHANG Tao.Risk of the vulnerability management mechanisms based on public trading[J].Journal of Tsinghua University(Science and Technology),2011(10):1369-1374. |
| |
| Authors: | XIONG Qi LIU Hui YI Jin LIU Lin ZHANG Tao |
| |
| Institution: | XIONG Qi,LIU Hui,YI Jin,LIU Lin,ZHANG Tao(China Information Technology Security Evaluation Center,Beijing 100085,China) |
| |
| Abstract: | Managing vulnerability is a complex process.This paper describes current vulnerability management mechanisms and presents a public vulnerability trading mechanism.The vulnerability trade workflow is described with PEST-SWOT used to analyze the mechanism risk.The analysis takes into account politics,economics,society,and technology and compares the strengths,weakness,opportunities and threads with strategies for risk mitigation. |
| |
| Keywords: | security vulnerability vulnerability trading vulnerability verify PEST-SWOT risk management |
| 本文献已被 CNKI 等数据库收录! |
|
