Computer Security Essay Example | Topics and Well Written Essays - 750 words - 4

Computer Security - Essay Example Keeping in mind the situation described above publication of a patch and providing technical information about vulnerability during disclosure can enable user’s to take protective and preventive action. CERT, a federally funded quasi government organization, is a key player in the domain of vulnerability disclosure and prioritizes in the publication of preventive measures, such as a patch, in their disclosures. There are certain issues that revolve around the disclosing of vulnerability information. These are regarding the timing of the release of patches which is made critical once vulnerability is disclosed. However the development of these patches takes time. This component clashes with that of instant disclosure, which leaves users defenseless against attackers who can exploit the disclosed vulnerability in the time that it takes for a patch to be released. These are the two critical dimensions that an optimal disclosure policy addresses. For the development of an optimal patch notification policy it is important to estimate the attacker’s and vendor’s behavior. If the vendors do not act quickly to instant disclosure then the formulation of a policy which incorporates this behavior will be strongly discouraged socially unfavorable. But even if vendors develop a patch quickly there lays a need to know how the attacker’s probability of attack changes with the disclosure, and with the patching. Other critical elements that the policy incorporates are a thorough investigation of vulnerabilities that are more likely to be exploited by attackers and hence require immediate attention. These are the ones that the vendor’s need to concentrate on developing patches for. Keeping in mind all these area’s of concern we develop a optimal patch notification policy that balances the issue’s mentioned above. Simply because a vendor releases a patch more quickly due to an early disclosure does not necessarily make this action optimal. Using a game theoretic model Arora, Telang and Xu (2003) show that neither instantaneous disclosure nor secrecy policy is optimal. An optimal patch publication policy depends upon underlying factors like how quickly a vendor’s response is in releasing patches, and how likely attackers are to find and exploit unpatched vulnerabilities. Q2: Here we consider the incentives of the attackers as well as the parties listed previously. What are the incentives of attackers? When we look at the internet we see how it has developed into a global system of interlinked computer networks which have made possible the exchange of information between millions of organizations. It has made possible new forms of social interactions as well as means to probe them. The internet is a unique tool for studying the development and the organization of a complex system. This is why numerous attackers are attracted towards the use of methods to hack into and manipulate various online systems. T here are many classifications of hackers based on the incentives behind their attacks. There are the early gentle hackers, who break into systems to demonstrate their skills. Then there are the ‘black hats’, which might have been gentle hackers at some point but then are motivated to make money as part of an explosively booming business based on ever-present internet insecurity. Moving