- Publishing vulnerability information. Providing high-quality, timely, targeted, automated dissemination of vulnerability information enables defenders to make informed decisions and take action quickly.
- Encouraging the adoption and widespread use of exploit mitigation techniques on all platforms.
Reducing days of risk. Selecting reasonable disclosure deadlines is one way of achieving the goal of minimizing the time between a vulnerability's discovery and the remediation of its last deployed instance . Another way is to shorten the time between vulnerability disclosure and patch deployment by automating patch distribution using secure update mechanisms that make use of cryptographically signed updates or other technologies.
- Releasing high-quality patches. Increasing defenders' trust that patches won't break things or have undesirable side effects reduces lag in patch deployment by reducing the defenders' testing burden.
When possible, automated patch deployment can improve patch deployment rates too.
Panel borderStyle solid
- Harm Reduction Coalition, "Principles of Harm Reduction," [Online]. Available: http://harmreduction.org/about-us/principles-of-harm-reduction/.
- Harm Reduction Coalition, "What is harm reduction?" [Online]. Available: https://www.hri.global/what-is-harm-reduction.
- A. Householder, "Systemic Vulnerabilities: An Allegorical Tale of SteampunkVulnerability to Aero-Physical Threats," August 2015. [Online]. Available: https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=442528.
- A. Arora, A. Nandkumar and R. Telang, "Does information security attack frequency increase with vulnerability disclosure? An empirical analysis," Information Systems Frontiers, vol. 8, no. 5, pp. 350-362, 2006. https://link.springer.com/article/10.1007/s10796-006-9012-5.