White hat More than and 30 manufacturers to sign the disclosure of information disclosure and self
A5 (admin5.com) station network June 19th news, to regulate the disposal of information disclosure and guidance of safety administration, Ministry of industry and information network, Chinese Internet society network and Information Security Committee organized 32 units, signed the "China Internet Society vulnerability information disclosure and disposal of self-discipline", put forward the vulnerability information Convention the principle of disclosure, the disposal process, the details of the vulnerability, called for public entrance address and other information, intellectual property and other sensitive information, to avoid vulnerabilities are used by criminals.
this is the first way to regulate the industry self-regulation common vulnerability information reception, disposal and distribution aspects of behavior.
Convention CNCERT, vulnerability reporting platform and the hardware manufacturers, the management information system in vulnerability disclosure and disposal of responsibility and self-discipline provisions, proposed information disclosure "objective, timely and appropriate" three principles, also asked the parties to strengthen cooperation, actively carry out the work of active response, vulnerability assessment, verification repair and users.
convention stressed the need to comply with national policies and laws and regulations, focus on involving government departments and key information systems vulnerability disclosure and disposal, but also to actively protect the user’s right to know and the security vulnerabilities.
convention initiative to report and oppose the behavior of the underground industry through the purchase of hackers, trading loopholes, against illegal intrusion or destruction of other people’s information systems, and jointly prevent and resist the improper dissemination of vulnerability information.
according to the China Internet Association statistics, 65.5% of the site security vulnerabilities. The rapid development and popularization of Internet, network security incidents are increasing, the information system of the presence of high-risk vulnerabilities "has become an important factor in network security incidents, the media continue to disclose website data and user information leak is mainly caused by the information system loopholes.
according to the national information security vulnerabilities sharing platform (CNVD) included in the case, the number of new hardware and software vulnerabilities in the past three years, an average annual increase of about 20%, the number of vulnerabilities showed a rapid growth trend. There are loopholes will bring great security risks in key infrastructure and important information system could be used by hackers, not only may pose a threat to the network data and the user’s personal information security, safe operation and may even harm the whole information system.
to play an active role in vulnerability platform, the Ministry of industry and information technology, the sky, clouds and guide the CNCERT vulnerability box and many other folk vulnerability platform to establish a working relationship.
It is reported that
, human resources and social security, Ministry of industry and information technology, Ministry of water resources, the China Banking Regulatory Commission, China Securities Regulatory Commission, the National Energy Bureau and other government departments and units of banks, telecom operators, non operating units and civil Internet loophole reporting platform, Internet companies, security companies, hardware and software vendors, nearly 40 units attended the >