
Discovery and Dissemination of Discovering Security Vulnerabilities

Disclosure of Security Vulnerabilities

Part of the book series: SpringerBriefs in Cybersecurity (BRIEFSCYBER)

Abstract

The method of discovering security vulnerabilities raises legal and ethical issues separate from those raised by the disclosure of such vulnerabilities. This chapter covers the various methods of discovering and disseminating vulnerabilities (such as the use of a honeynet, YouTube proof-of-concept videos, and zero-day exploit markets), explains each method, and then uses a case study where possible to introduce the legal and ethical issues.


Notes

  1. [1].

  2. Salgado, R., “The Legal Ramifications of Operating a Honeypot” (2005) IEEE Magazine Security and Privacy, vol. 1. Salgado is considered a recognized authority on legal issues in honeypots. He is a former attorney with the United States Department of Justice, Computer Crime and Intellectual Property Section, and former Senior Counsel with Yahoo!, Inc. He is now Senior Counsel of Google and Adjunct Professor at Stanford University.

  3. [2].

  4. “A honeynet is a closely monitored computing resource that we want to be probed, attacked, or compromised” Provos, see footnote 1.

  5. [3].

  6. Kemmerer, see footnote 3.

  7. See footnote 3.

  8. [4].

  9. See footnote 3.

  10. See Poulsen, footnote 13 in Chap. 1.

  11. See footnote 3.

  12. [5].

  13. Poulsen, footnote 13 in Chap. 1, pages 336–358.

  14. Ciphertext is data that has been encrypted. The goal of decryption is to convert the ciphertext to plaintext, which can then be understood. See generally Anderson, R., Security Engineering: A Guide to Building Dependable Distributed Systems 2nd ed (Wiley 2008) Chapters 5 Cryptography and 6 Distributed Systems for an excellent discussion of cryptography, encryption and decryption, pages 129–213.

  15. Anderson, above.

  16. Poulsen, footnote 13 in Chap. 1.

  17. Security Focus at http://securityfocus.com.

  18. [6].

  19. Available at http://vx.netlux.org/index.html.

  20. Metasploit Framework License Agreement available at http://www.metasploit.com/license.jsp.

  21. [7].

  22. “Cisco, ISS file suit against rogue researcher Robert Lemos”, SecurityFocus 2005-07-27 available at http://www.securityfocus.com/news/11259.

  23. Wired “Blackhat Interview with Michael Lynn” 2005.

  24. Discussion with computer security analyst who was present at the presentation.

  25. Wired, see footnote 23.

References

  1. Holz T, Provos N (2008) Virtual honeypots: from botnet tracking to intrusion detection (Addison-Wesley), p 8


  2. Stone-Gross B, Cavallaro L, Gilbert B, Sydlowski M, Kemmerer R, Kruegel C, Vigna G (2009) Your botnet is my botnet: analysis of a botnet takeover CCS, ACM 978-1-60


  3. Kemmerer R (2010) “How to Steal a botnet and what can happen when you do” Google tech talk. Available at http://www.youtube.com/watch?v=2GdqoQJa6r4. Accessed 26 June 2010

  4. Symantec, Report on the Underground Economy (2008) Available at http://www.symantec.com/content/en/us/about/media/pdfs/underground_Econ_Report.pdf. Accessed 28 June 2010

  5. Harris S, Harper A, Eagle C, Ness J (2008) Gray hat hacking: the ethical hacker’s handbook. McGraw Hill, pp 277–307


  6. Cluley G (2012) VXHeavens old-school virus writing website, raided by police http://nakedsecurity.sophos.com/2012/03/28/vx-heavens-virus-writing-website-raided/

  7. Maurushat A (2011) Australia. In: Cook S (ed) Freedom on the internet: a global assessment of internet and digital media. Freedom House, New York



Author information


Correspondence to Alana Maurushat.


Copyright information

© 2013 The Author(s)

About this chapter

Cite this chapter

Maurushat, A. (2013). Discovery and Dissemination of Discovering Security Vulnerabilities. In: Disclosure of Security Vulnerabilities. SpringerBriefs in Cybersecurity. Springer, London. https://doi.org/10.1007/978-1-4471-5004-6_3


  • DOI: https://doi.org/10.1007/978-1-4471-5004-6_3


  • Publisher Name: Springer, London

  • Print ISBN: 978-1-4471-5003-9

  • Online ISBN: 978-1-4471-5004-6

  • eBook Packages: Computer Science (R0)
