Designing Vultron: A Protocol for Multi-Party Coordinated Vulnerability Disclosure (MPCVD)

Autor: Householder, Allen
Rok vydání: 2022
Předmět:
DOI: 10.1184/r1/19852798
Popis: The Coordinated Vulnerability Disclosure (CVD) process addresses a human coordination problem that spans individuals and organizations. In this report, we propose a formal protocol specification for Multi-Party Coordinated Vulnerability Disclosure (MPCVD) with the goal of improving the interoperability of both CVD and MPCVD processes. The Vultron protocol is composed of three interacting Deterministic Finite Automata (DFAs) for each CVD case Participant representing the Report Management (RM), Embargo Management (EM), and CVD Case State (CS) processes. Additionally, we provide guidance and commentary on the associated MPCVD Participant capabilities and behaviors necessary for this interoperability to be realized.
Databáze: OpenAIRE