Computer Security Essay Example | Topics and Well Written Essays - 750 words - 4

Computer Security - Essay Example charge in mind the situation described above publication of a patch and providing technical information about vulnerability during disclosure can enable exploiters to take protective and preventive action. CERT, a federally funded quasi government organization, is a key player in the domain of vulnerability disclosure and prioritizes in the publication of preventive measures, such as a patch, in their disclosures. There are certain issues that revolve around the disclosing of vulnerability information. These are regarding the quantify of the release of patches which is made critical once vulnerability is disclosed. However the development of these patches takes time. This component clashes with that of instant disclosure, which leaves users defenseless against attackers who can exploit the disclosed vulnerability in the time that it takes for a patch to be released. These are the two critical dimensions that an optimal disclosure insurance address es. For the development of an optimal patch notification policy it is important to estimate the attackers and vendors behavior. If the vendors do not act quickly to instant disclosure then the formulation of a policy which incorporates this behavior will be strongly discouraged socially unfavorable. But even if vendors develop a patch quickly there lays a need to know how the attackers probability of attack changes with the disclosure, and with the patching. Other critical elements that the policy incorporates are a thorough investigation of vulnerabilities that are to a greater extent alike(p)ly to be exploited by attackers and hence require immediate attention. These are the ones that the vendors need to concentrate on developing patches for. Keeping in mind all these areas of concern we develop a optimal patch notification policy that balances the issues mentioned above. alone because a vendor releases a patch more quickly due to an early disclosure does not necessarily make th is action optimal. Using a game theoretic model Arora, Telang and Xu (2003) show that neither instantaneous disclosure nor secrecy policy is optimal. An optimal patch publication policy depends upon underlying factors like how quickly a vendors response is in releasing patches, and how likely attackers are to find and exploit unpatched vulnerabilities. Q2 Here we consider the incentives of the attackers as sanitary as the parties listed previously. What are the incentives of attackers? When we look at the internet we see how it has developed into a global system of interlinked computer networks which contrive made possible the central of information between millions of organizations. It has made possible new forms of social interactions as well as means to probe them. The internet is a unique spear for studying the development and the organization of a complex system. This is why numerous attackers are attracted towards the use of methods to hack into and manipulate various onlin e systems. There are umpteen classifications of hackers based on the incentives behind their attacks. There are the early gentle hackers, who break into systems to demonstrate their skills. Then there are the black hats, which might have been gentle hackers at some point but then are motivated to make money as part of an explosively booming art based on ever-present internet insecurity. Moving