5 April 2022

To Disclose, or Not to Disclose, That Is the Question

Lindsey Polley

This dissertation is the first publicly available methods-based approach to examining the previously classified Vulnerabilities Equities Process (VEP)—a federal-level policy to adjudicate decisions on whether to retain or disclose newly discovered software vulnerabilities. Since its public acknowledgment in 2014, the benefits and shortcomings of the VEP have been sharply debated in the public arena by media, digital advocacy groups, and academia. The lack of publicly available data on the VEP, however, means that the majority of current public discourse is largely rooted in uninformed opinion. Two key aspects of this debate have focused on the design of the VEP charter itself and the representation of equities considered during the vulnerability adjudication process.
