Bruce Schneier

 

Blog

Crypto-Gram Newsletter

Books

Essays and Op Eds

News and Interviews

Audio and Video

Speaking Schedule

Password Safe

Cryptography

About Bruce Schneier

Contact Information

 

Schneier on Security

A blog covering security and security technology.

« How to Survive a Robot Uprising | Main | New Zealand Espionage History »

January 25, 2006

Vulnerability Disclosure Survey

If you have a moment, take this survey.

This research project seeks to understand how secrecy and openness can be balanced in the analysis and alerting of security vulnerabilities to protect critical national infrastructures. To answer this question, this thesis will investigate:
  1. How vulnerabilities are analyzed, understood and managed throughout the vulnerability lifecycle process.
  2. The ways that the critical infrastructure security community interact to exchange security-related information and the outcome of such interactions to date.
  3. The nature of and influences upon collaboration and information-sharing within the critical infrastructure protection community, particularly those handling internet security concerns.
  4. The relationship between secrecy and openness in providing and exchanging security-related information.

This looks interesting.

Posted on January 25, 2006 at 8:24 AM13 Comments

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

Comments

AzeJanuary 25, 2006 10:11 AM

Hmmm.. now, if the survey primarily contains people who read Bruce S. Blog, will it be fully representative of the general public?

elambJanuary 25, 2006 10:33 AM

Bruce,

Check this out:

"I registered deusto.com in 1997. Now, eight years later, Planeta Agostini, one of the biggest publishing groups in Spain and owner of Ediciones Deusto, sends me letters via its lawyers demanding me to transfer them the domain, because they registered the trademark "deusto" in 2002 (I repeat, I registered the domain in 1997)."

http://wolfb.com/2006/01/...

Love to hear your take on this!!

Davi OttenheimerJanuary 25, 2006 11:29 AM

It's kind of easy to see where Rick is going with this survey, but a couple questions threw me. For example I had a hard time understanding what he meant by this:

"Secrecy can be a convenient method to conceal management errors."

If you say no, does your answer get interpreted to mean secrecy is always inconvenient to conceal management errors? ("Can" as in possible).

Myles GrantJanuary 25, 2006 11:47 AM

So I'm the only one that sees "Tsk, Tsk, Tsk." when I go to the page?

Pat CahalanJanuary 25, 2006 12:42 PM

@ Miles

I sure don't.

Sounds like it's a web site that is being blocked by a proxy? You on a corporate network?

Try TOR :)

Pat CahalanJanuary 25, 2006 12:44 PM

@ Davi

I agree, some of the questions are leading. Some of them are also very subjective. I'd like to see the results of the study, just to see how they are presented.

Myles GrantJanuary 25, 2006 2:20 PM

@ Pit

Actually, I assume that site is blocking me, because of which large corporate network I happen to be on right now.

Jim HyslopJanuary 26, 2006 7:03 AM

@Myles
FWIW, I thought "Tsk, tsk, tsk" was your reaction to the site. Maybe you should be a little less subtle in future ;=)

Myles GrantJanuary 27, 2006 8:40 AM

@Jim

Sorry about that. That's literally all it says when I go there, and I thought that's what everyone was seeing.

AnonymousJanuary 27, 2006 3:00 PM

A agree with some fo the others that the questions were a bit leading (I agree with Davi?!?? Shocking!). Of course, rigging polls is more common than not.

My answer to several of the questions would be "it depends." I can think of some areas - for instance, a security flaw that only affects major core routers - that would be best shared only within the group of customers until a patch is available. Like everything else in life, some discretion is necessary. But IMHO the strongly preferred default is full disclosure.

RichJanuary 30, 2006 1:38 AM

Too many subjective ways to interpret the questions in this one. I'd like to see what quantitative formulas they use to analyze these results. Classic "survey 101" problems with this set of questions, but I am interesting in seeing the results nonetheless (just read the conclusions with your own serving of salt).

RonJanuary 30, 2006 2:58 PM

It's ironic that in order to take the survey on
security, you need to have set your browser to
poor security. I filled out the first page and clicked
"continue" and nothing happened. It requires that
you have JavaScript turned on.

Post a comment




E-mail is optional and will not be displayed on the site.


Remember Me?


Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Powered by Movable Type. Photo at top by Geoffrey Stone.

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.

 
Bruce Schneier
Subscribe
Atom Feed Facebook Twitter E-Mail Newsletter (Crypto-Gram)
Subscribe via Kindle
Blog Menu

Search

Powered by DuckDuckGo


blog only
essays and op eds only
whole site

Blog Home Page
100 Latest Comments

Archives by Date

2013 J F M A M
2012 J F M A M J J A S O N D
2011 J F M A M J J A S O N D
2010 J F M A M J J A S O N D
2009 J F M A M J J A S O N D
2008 J F M A M J J A S O N D
2007 J F M A M J J A S O N D
2006 J F M A M J J A S O N D
2005 J F M A M J J A S O N D
2004 J F M A M J J A S O N D

Tags

more tags

Support Bloggers' Rights!
Defend Privacy--Support Epic
Latest Book
Liars & Outliers
more books by Bruce Schneier