Abstract
Cybersecurity vulnerability disclosure has become a central link in cybersecurity risk control. Irregular or unlawful disclosure of cybersecurity vulnerabilities endangers the overall security of cyberspace and highlights a gray area in the law. In practice, cybersecurity vulnerability disclosure takes forms such as non-disclosure, full disclosure, responsible disclosure and coordinated disclosure. The United States has built its cybersecurity vulnerability disclosure rules at both the legal and the policy level and adjusts them continually as circumstances change; the design of these rules shows a trend from responsible disclosure toward coordinated disclosure, and a unified national mechanism for coordinating and deciding on vulnerability disclosure is being further refined. China's current legislation sets out the basic requirements for lawful vulnerability disclosure at three levels: product and service providers, third parties and the state. Drawing on overseas experience, China can take coordinated disclosure as its orientation and reason out and design a system of vulnerability disclosure rules around the disclosing subject, the object of disclosure, the manner of disclosure and liability exemptions for disclosure, so as to provide clear guidance for vulnerability disclosure conduct.
The disclosure of cybersecurity vulnerabilities has become the central part of cybersecurity risk control. Non-standard or illegal disclosure endangers the overall security of cyberspace, highlighting the gray area of the law. There are four types of cybersecurity vulnerability disclosure in practice: non-disclosure, full disclosure, responsible disclosure and coordinated disclosure. The United States constructs its cybersecurity vulnerability disclosure rules from both legal and policy aspects, and constantly adjusts them as new situations develop. The design of the rules shows a changing trend from responsible disclosure to coordinated disclosure, and unified rules for the coordination and decision-making of cybersecurity vulnerability disclosure are being further improved at the national level. In China, current legislation puts forward the basic requirements for legitimate disclosure of cybersecurity vulnerabilities from three aspects: the providers of products and services, third parties and the government. Referring to the experience of other countries, China can design a system of cybersecurity vulnerability disclosure rules based on coordinated disclosure, focusing on the subjects, objects, measures and liability exemptions of disclosure, so that clear guidance for cybersecurity vulnerability disclosure can be provided.
Source
Jinan Journal (Philosophy and Social Sciences Edition)
CSSCI
Peking University Core Journal (北大核心)
2018, No. 1, pp. 94-106 (13 pages)
Funding
National Social Science Fund of China Major Project "Research on Innovation in Cyber Society Governance" (15ZDA047)
Shanghai Science and Technology Innovation Action Plan "Data Security Assessment Standard Scheme" (117DZ1101004)
Public Security Theory and Soft Science Research Program "Research on Legal Countermeasures for the Protection of China's Critical Information Infrastructure" (2016LLYJGASS020)
Third Research Institute of the Ministry of Public Security selected project "Cybersecurity Policy and Legal Issues 2017" (C17253)
Keywords
cybersecurity vulnerabilities
disclosure
types
rules
coordination