Work item: X.1219 (ex X.arc-ev)
Subject/title: Functional requirements for a secured process to evaluate technical vulnerabilities
Status: Approved on 2023-04-29 [Issued from previous study period]
Approval process: AAP
Type of work item: Recommendation
Version: New
Equivalent number: -
Timing: -
Liaison: -
Supporting members: -
Summary: Crowdsourced vulnerability evaluation is a good way for well-known online systems to find their technical vulnerabilities, but many problems and challenges remain, such as a shell script uploaded by members of a security team not being deleted after evaluation, resulting in a backdoor in the system. This Recommendation sets out functional requirements for a secured process to evaluate technical vulnerabilities. These functional requirements, with their corresponding mechanisms, are mainly intended to address the lack of trust in the crowdsourcing approach. The aim is to make sure that vulnerability evaluation operated by security teams is reliable, auditable, traceable, and controllable.
Comment: -
Reference(s):
Historic references:
Contact(s):
ITU-T A.5 justification(s):
First registration in the WP: 2019-09-12 16:17:58
Last update: 2023-03-29 13:02:42