Journal of Information Security Research ›› 2021, Vol. 7 ›› Issue (6): 496-502.


A Comparative Study of International Vulnerability Equities Process 


  • Online: 2021-06-10 Published: 2021-06-10


时翌飞1,2 冯景瑜1 曹旭栋2 黄鹤翔2,3 王鹤3   

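  1 (School of Cyberspace Security, Xi'an University of Posts and Telecommunications, Xi'an 710121)
  2 (National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 100049)
  3 (School of Network and Information Security, Xidian University, Xi'an 710071)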

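  • Corresponding author: 时翌飞, master's degree. Main research interest: network security.
  • About the authors: 时翌飞, master's degree. Main research interest: network security. 冯景瑜, Ph.D., associate professor. Main research interests: Internet of Things security and network attack and defense. 曹旭栋, master's degree. Main research interest: network security. 黄鹤翔, master's degree. Main research interest: network security. 王鹤, Ph.D., associate professor. Main research interest: network security.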

Abstract: Cybersecurity vulnerabilities have become an important cyber weapon for many countries. To strengthen national control over security vulnerabilities, governments have released vulnerability equities processes (VEP), which evaluate vulnerabilities at the government level and decide, for the purpose of protecting national interests, whether to disclose or retain them. At present, the vulnerability equities process suffers from a low adoption rate, low transparency, and a low degree of standardization. To address this, the paper studies the development of the vulnerability equities process and analyzes and compares the current state of VEP formulation worldwide, mainly enumerating the VEPs that are currently mature. It also discusses how to establish a standardized vulnerability equities process, points out the challenges the process faces, and proposes solutions. Finally, it offers some suggestions for establishing a vulnerability equities process in China.

Key words: vulnerability equities process, international vulnerability equities process, vulnerability assessment, vulnerability, national policy

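Abstract (Chinese version): Cybersecurity vulnerabilities have become an important cyber weapon for many countries. To strengthen national control over security vulnerabilities, governments have successively introduced the vulnerability equities process (VEP), which evaluates security vulnerabilities at the government level and decides, for the purpose of protecting national interests, whether to disclose or retain them. At present, the vulnerability equities process faces the problems of limited adoption, low transparency, and a low degree of standardization. To address this situation, the paper summarizes the development history of the vulnerability equities process, analyzes and compares the current state of VEP formulation worldwide, mainly enumerates the vulnerability equities processes that are currently relatively mature, and gives a comparative analysis table of the VEP policies of various countries. It also discusses how to establish a standardized vulnerability equities process, points out the challenges the process currently faces, and proposes solutions. Finally, it provides some reference suggestions for establishing a vulnerability equities process in China.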

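Key words (Chinese version): vulnerability equities process, international vulnerability equities process, vulnerability assessment, security vulnerability, national policy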