Designing Vultron: A Protocol for Multi-Party Coordinated Vulnerability Disclosure (MPCVD)

Abstract

The Coordinated Vulnerability Disclosure (CVD) process addresses a human coordination problem that spans individuals and organizations. In this report, we propose a formal protocol specification for Multi-Party Coordinated Vulnerability Disclosure (MPCVD) with the goal of improving the interoperability of both CVD and MPCVD processes. The Vultron protocol is composed of three interacting Deterministic Finite Automata (DFAs) for each CVD case Participant representing the Report Management (RM), Embargo Management (EM), and CVD Case State (CS) processes. Additionally, we provide guidance and commentary on the associated MPCVD Participant capabilities and behaviors necessary for this interoperability to be realized.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2022
Accession Number
AD1172645

Entities

People

  • Allen D. Householder

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • C4I
  • Cyber

DTIC Thesaurus Topics

  • Artificial Intelligence
  • Automata
  • Automata Theory
  • Commerce
  • Communications Protocols
  • Computer Programming
  • Computers
  • Cybersecurity
  • Engineering
  • Failure Mode And Effect Analysis
  • Grammars
  • Information Systems
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Lessons Learned
  • Machines
  • Ontologies
  • Security
  • Software Development
  • Standards
  • Transport Protocols
  • Video Games

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • International Relations and European Studies
  • Mathematical Modeling and Probability Theory.