Backwards from zero: How the U.S. public evaluates the use of zero-day vulnerabilities in cybersecurity

IF 4 1区 社会学 Q1 INTERNATIONAL RELATIONS Contemporary Security Policy Pub Date : 2023-05-25 DOI:10.1080/13523260.2023.2216112
Marcelo M. Leal, P. Musgrave
{"title":"Backwards from zero: How the U.S. public evaluates the use of zero-day vulnerabilities in cybersecurity","authors":"Marcelo M. Leal, P. Musgrave","doi":"10.1080/13523260.2023.2216112","DOIUrl":null,"url":null,"abstract":"ABSTRACT Zero-day vulnerabilities are software and hardware flaws that are unknown to computer vendors. As powerful means of carrying out cyber intrusions, such vulnerabilities present a dilemma for governments. Actors that develop or procure such vulnerabilities may retain them for future use; alternatively, agencies possessing such vulnerabilities may disclose the flaws to affected vendors so they can be patched, thereby denying vulnerabilities not only to adversaries but also themselves. Previous research has explored the ethics and implications of this dilemma, but no study has investigated public opinion regarding zero-day exploits. We present results from a survey experiment testing whether conditions identified as important in the literature influence respondents’ support for disclosing or stockpiling zero-day vulnerabilities. Our results show that respondents overwhelmingly support disclosure, a conclusion only weakly affected by the likelihood that an adversary will independently discover the vulnerability. Our findings suggest a gap between public preferences and current U.S. policy.","PeriodicalId":46729,"journal":{"name":"Contemporary Security Policy","volume":"44 1","pages":"437 - 461"},"PeriodicalIF":4.0000,"publicationDate":"2023-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Contemporary Security Policy","FirstCategoryId":"90","ListUrlMain":"https://doi.org/10.1080/13523260.2023.2216112","RegionNum":1,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"INTERNATIONAL RELATIONS","Score":null,"Total":0}
引用次数: 2

Abstract

ABSTRACT Zero-day vulnerabilities are software and hardware flaws that are unknown to computer vendors. As powerful means of carrying out cyber intrusions, such vulnerabilities present a dilemma for governments. Actors that develop or procure such vulnerabilities may retain them for future use; alternatively, agencies possessing such vulnerabilities may disclose the flaws to affected vendors so they can be patched, thereby denying vulnerabilities not only to adversaries but also themselves. Previous research has explored the ethics and implications of this dilemma, but no study has investigated public opinion regarding zero-day exploits. We present results from a survey experiment testing whether conditions identified as important in the literature influence respondents’ support for disclosing or stockpiling zero-day vulnerabilities. Our results show that respondents overwhelmingly support disclosure, a conclusion only weakly affected by the likelihood that an adversary will independently discover the vulnerability. Our findings suggest a gap between public preferences and current U.S. policy.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
从零开始:美国公众如何评估网络安全中零日漏洞的使用
零日漏洞是计算机供应商不知道的软件和硬件缺陷。作为实施网络入侵的有力手段,此类漏洞让各国政府进退两难。开发或获取此类漏洞的行为者可能会保留这些漏洞以备将来使用;或者,拥有此类漏洞的机构可能会向受影响的供应商披露漏洞,以便修补漏洞,从而不仅拒绝对手,而且拒绝自己的漏洞。之前的研究已经探讨了这种困境的伦理和影响,但没有研究调查过公众对零日漏洞的看法。我们提出了一项调查实验的结果,该实验测试了文献中确定的重要条件是否会影响受访者对披露或储存零日漏洞的支持。我们的结果显示,受访者压倒性地支持披露,这一结论只受到对手独立发现漏洞的可能性的微弱影响。我们的研究结果表明,公众的偏好与美国当前的政策之间存在差距。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
CiteScore
14.60
自引率
6.80%
发文量
22
期刊介绍: One of the oldest peer-reviewed journals in international conflict and security, Contemporary Security Policy promotes theoretically-based research on policy problems of armed conflict, intervention and conflict resolution. Since it first appeared in 1980, CSP has established its unique place as a meeting ground for research at the nexus of theory and policy. Spanning the gap between academic and policy approaches, CSP offers policy analysts a place to pursue fundamental issues, and academic writers a venue for addressing policy. Major fields of concern include: War and armed conflict Peacekeeping Conflict resolution Arms control and disarmament Defense policy Strategic culture International institutions. CSP is committed to a broad range of intellectual perspectives. Articles promote new analytical approaches, iconoclastic interpretations and previously overlooked perspectives. Its pages encourage novel contributions and outlooks, not particular methodologies or policy goals. Its geographical scope is worldwide and includes security challenges in Europe, Africa, the Middle-East and Asia. Authors are encouraged to examine established priorities in innovative ways and to apply traditional methods to new problems.
期刊最新文献
The last atomic Waltz: China’s nuclear expansion and the persisting relevance of the theory of the nuclear revolution The 2024 Bernard Brodie Prize The pervasive informality of the international cybersecurity regime: Geopolitics, non-state actors and diplomacy Message from the incoming editors Crypto-Atlanticism: The untold preferences of policy elites in neutral and non-aligned states
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1