[1]ISO/IEC 27005:2018 Information technology – security techniques -information se-curity risk management[S/OL]. Geneva:ISO,(2018-07-01)[2020-05-12].https://www.iso.org/standard/75281.html
[2]时翌飞,冯景瑜,黄鹤翔,等.安全漏洞国际披露政策研究[J].信息安全研究,2021,7(3):215-224
[3]Greenberg A. Here's a spy firm's price list for secret hacker techniques[EB/OL].WIRED,2015(2015-11-18)[2020-05-26].https://www.wired.com/2015/11/heres-a-spy-firms-price-list-for-secret-hacker-techniques/
[4]Kerner S M. Zerodium offering a $1 Million Ios9 Bug Bounty[EB/OL].eWeek,2015(2015-09-21)[2020-05-26].https://www.eweek.com/security/zerodium-offering-a-1-million-ios-9-bug-bounty
[5]CEPS(Centre for European Policy Studies).Software vulnerability Disclosure in Europe[EB/OL].Brussels:CEPS,2018[2020-05-11].https://www.ceps.eu/ceps-publications/software-vulnerability-disclosure-europe-technology-policies-and-legal-challenges/
[6]USG. National Security Policy Directive 54[EB/OL].(2008-01-08)[2020-06-01].https://fas.org/irp/offdocs/nspd/nspd-54.pdf
[7]USG. Commercial and Government Information Technology and Industrial Control Product or System Vulnerabilities Equities Policy and Process[EB/OL].[2020-05-10].https://www.eff.org/files/2015/09/04/document_71_-_vep_ocr.pdf
[8]Riley M. NSA Said to Have Used Heartbleed Bug, Exp-osing Consumers[EB/OL].(2014-04-11)[2020-05-10].https://www.bloomberg.com/news/articles/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers
[9]Ari Schwartz, Rob Knake. Government's Role in Vulnerability Disclosure: Creating a Permanent and Accountable Vulnerability Equities Process[EB/OL].(2016-06-01)[2020-05-21].https://www.belfercenter.org/publication/governments-role-vulnerability-disclosure-creating-permanent-and-accountable
[10]USG(United States Government).FOIA(Freedom of Information Act)[EB/OL].1967[2020-05-20].https://www.foia.gov/
[11]USG. Vulnerabilities Equities Policy and Process[EB/OL].(2017-11-15)[2020-05-20].https://d-russia.ru/wp-content/uploads/2017/11/VEP-Charter.pdf
[12]GCHQ(Government Communications Headquarters).The Equities Process[EB/OL].(2018-11-29)[2020-5-21].https://www.gchq.gov.uk/information/equities-process
[13]GCHQ.GCHQ and the NCSC publish the UK Equities Process[EB/OL]. (2018-11-29)[2020-05-21].https://www.gchq.gov.uk/news/dealing-vulnerabilities
[14]FIRST(Forum of Incident Response and Security Teams).Common Vulnerability Scoring System[EB/OL].[2020-05-20].https://www.first.org/cvss/
[15]ASD(Australian signals directorate).Responsible Release Prin-ciples for Cyber Security Vulnerabilities[EB/OL].(2019-03-15)[2020-05-26]. https://www.asd.gov.au/publications/Responsible-Release-Principles-for-Cyber-Security-Vulnerabilities
[16]CSE(Communications Security Establishment).CSE's Equities Management Framework[EB/OL].(2019-03-08)[2020-05-20].https://www.cse-cst.gc.ca/en/media/media-2019-03-08
[17]CSE(Communications Security Establishment).Communication Security Establishment Equities Management Framework Fact Sheet[EB/OL].(2019-03-08)[2020-05-26].https://www.cse-cst.gc.ca/en/media/media-2019-03-08_fact-sheet
[18]中华人民共和国工业和信息化部.网络安全漏洞管理规定(征求意见稿)[EB/OL].(2019-06-18)[2020-05-26].http://www.miit.gov.cn/n1146285/n1146352/n3054355/n3057724/n3057728/c7005976/content
[19]国家互联网信息办公室.网络安全审查办法[EB/OL].(2020-04-27)[2020-06-10].http://www.cac.gov.cn/2020-04/27/c_1589535450769077.htm
[20]李留英.美国网络威胁情报共享实践研究[J].信息安全研究,2020,6(10):941-946