The Vulnerability Economy: Zero-Days, Cybersecurity, and Public Policy Harvard Case Solution & Analysis

In 2011, Dillon Beresford, a computer security specialist, found a run of new vulnerabilities impacting components of widely used industrial control systems. Zero day vulnerabilities are crucial elements of computer viruses, worms, and other types of malware. Vendors and security companies seek these flaws to be able to patch and repair insecure software and hardware. Increasingly, nevertheless, nation states and offenders purchase zero-days from security researchers that are independent in order to develop new harmful cyber weapons and capabilities. Handling the growing commerce in zero day vulnerabilities is a vital challenge for corporate leaders as well as policymakers.

The case reviews the combination of incentives that may support or deter the discoverer of a new zero-day to: (1) divulge the defect to the seller of the risky software or hardware privately; (2) divulge the defect to the public, without notifying the vendor; (3) pursue a hybrid vehicle-strategy called accountable or coordinated disclosure; (4) or opt to sell the vulnerability. The case illuminates the various costs and advantages of all these approaches for the security researcher, the seller of hardware or the flawed software, and the people at large. In the end, the case asks students to consider which model of disclosure is the most beneficial for the public and to consider what policy levers are most useful in supporting that model. Case amount 2029.0

The Vulnerability Economy Zero-Days, Cybersecurity, and Public Policy Case Study Solution

PUBLICATION DATE: February 04, 2015 PRODUCT #: KS1013-HCB-ENG

This is just an excerpt. This case is about TECHNOLOGY & OPERATIONS

The Vulnerability Economy: Zero-Days, Cybersecurity, and Public Policy Case Solution Other Similar Case Solutions like

The Vulnerability Economy: Zero-Days, Cybersecurity, and Public Policy

Share This