
Comment (1)


Filip Vukovinski (not verified) March 21, 2018

Thank you Francesca and Stefania, your analysis and comparison of the two mentioned proposals is sound and fair. I would just like to quickly try and sketch out a potential proposal for an international binding regulation which would move the process of regulating cyberspace forward. I believe that the most pressing issue is the nation states' weaponization and stockpiling of software errors and vulnerabilities - the notorious 0-day exploits. These are the technical means of cybernetic systems destruction and data theft. We need to devise a mechanism for encouraging nation state actors to disclose software vulnerabilities. This way, when a new vulnerability is detected and disclosed, software systems can be patched and upgraded, minimizing the offensive capability of other actors who know of that same vulnerability. Due process should be followed, i.e. notifying the technology vendor before disclosure and making sure they will be able to issue a patch. I wonder if it would be feasible to create a global cybersecurity fund, 0-day market and clearing house in the existing UN system that would enable nation states to buy security notifications about vulnerabilities (for software they use) from that institution, but also enable them to sell their own 0-days. This is a fresh idea, and I will try to refine it more, but I do think that this is an interesting approach that needs more looking into. Filip
