Indian Strategic Studies

9 July 2017

Countering the Proliferation of Malware


Trey Herr

States have turned to export controls to block the international transfer of malicious software and limit its harmful effects. Based on the nature of the software and the identity of the end user, these controls should, in theory, keep malware out of the hands of the worst actors, including those with sinister human rights aims. In practice, export controls fail to check the transfer of malware because they ignore the incentives of those who develop and use this software. Even worse, the controls chill the work of legitimate security researchers, undermining efforts to protect states and users from cyber threats and potentially offering the basis for broader information controls.1 Recognizing these shortcomings, a mix of academics, companies, and civil society groups has attempted to reform the current export control regime. However, even these modest reform efforts have produced only token changes.

A more effective proposal would limit the supply of vulnerabilities available to attackers by reducing the amount of time any given vulnerability is available for an attacker to use in malware. Doing so will raise the cost to build and acquire malicious software that depends on vulnerabilities. Using the United States as a model for implementation, this paper outlines ten recommendations to shorten the life cycle of vulnerabilities, clustered around four key activities:

Increase the number of software vulnerabilities discovered by expanding the accessibility of bug bounty programs to new companies, but narrowing their scope to the most important bugs.
Increase the number of vulnerabilities disclosed by researchers to software developers by reforming two important pieces of federal law that currently chill security research.
Increase the speed of patch issuance once developers learn of vulnerabilities in their products by improving transparency around how long it takes software developers to issue security patches.
Increase the number of customers that apply patches to security flaws once issued by software developers by improving transparency around which companies apply patches – and which ones do not.

Downloads
Countering the Proliferation of Malware: http://www.belfercenter.org/publication/countering-proliferation-malware

Maj Gen P K Mallick, VSM(Retd) at 00:01
