From Responsible Disclosure Policy (RDP) towards State Regulated Responsible Vulnerability Disclosure Procedure (hereinafter – RVDP): The Latvian approach

Ķinis, Uldis

doi:10.1016/j.clsr.2017.11.003

Cited by 15 publications

(10 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…It always comes to a simple rule: the chain is as strong as its weakest link [67]. Of course, after finding flaws it is important to follow the procedure commonly known as "responsible disclosure" [68][69][70]. In short terms, the procedure states that no information regarding a security flaw should be published before respective vendors have been informed and fix or patched released.…”

Section: Legality and Ethics Of Conducted Researchmentioning

confidence: 99%

Automatic Symbol Resolution on Embedded Platforms by the Example of Smart TV Device

Majchrowicz

Duch

2021

Applied Sciences

View full text Add to dashboard Cite

Smart TV devices are gaining increasingly more popularity. Due to their nature, Smart TVs can access a lot of sensitive data. This is one of the reasons why the Smart TV has become a popular target of hacking recently. Manufacturers try to make such attacks more difficult, and one of the methods they use is the removal of symbols from the firmware. In principle, this would prevent or significantly hinder the preparation of malwares or homebrew that could run on different firmware versions. This article is focused on developing algorithms for automatic symbol resolution. We proposed two automatic symbol resolution methods designed for Smart TVs. Presented methods were tested on the firmwares of the most popular Smart TV manufacturers’, Samsung and LG, devices. Furthermore, an original framework is presented, which automatically locates the desired function in the binaries based on characteristic strings used in or near searched function. The developed framework is commonly used by homebrew developers (e.g., SamyGO) and releases developers from hardcoding function’s addresses for different firmwares.

show abstract

Section: Legality and Ethics Of Conducted Researchmentioning

confidence: 99%

Automatic Symbol Resolution on Embedded Platforms by the Example of Smart TV Device

Majchrowicz

Duch

2021

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…It always comes to a simple rule: the chain is as strong as its weakest link [58]. Of course, after finding flaws, it is important to follow the procedure commonly known as "responsible disclosure" [59][60][61]. In short terms, the procedure states that no information regarding a security flaw should be published before respective vendors were informed and fix or patch released.…”

Section: Legality and Ethics Of Conducted Researchmentioning

confidence: 99%

Analysis of Tizen Security Model and Ways of Bypassing It on Smart TV Platform

Majchrowicz

Duch

2021

Applied Sciences

View full text Add to dashboard Cite

The smart TV market is growing at an ever faster pace every year. Smart TVs are equipped with many advanced functions, allow users to search, chat, browse, share, update, and download different content. That is one of the reason why smart TVs became a target for the hacker community. In this article, we decided to test security of Tizen operating system, which is one of the most popular smart TV operating systems. Tizen is used on many different devices including smartphones, notebooks, wearables, infotainment systems, and smart TVs. By now, there are articles which present security mechanisms of Tizen OS, and sometimes with a way to bypass them; however, none of them are applicable to the smart TVs. In the article, we focused on developing an algorithm that will allow us to gain root access to the smart TV. The proposed attack scenario uses CVE-2014-1303 and CVE-2015-1805 bugs to bypass or disable security mechanisms in Tizen OS and finally gain root access.

show abstract

“…Bug bounties have become increasingly popular in recent years. As a testimony of the popularity, even the United States Department of Defense (DoD) recently piloted a bug bounty program, which further led to a partnership with a crowdsourcing bug bounty platform [8,10]. Despite of the popularity, bug bounties are surrounded by many unanswered and controversial questions.…”

Section: Introductionmentioning

confidence: 99%

A Bug Bounty Perspective on the Disclosure of Web Vulnerabilities

Ruohonen¹,

Allodi²

2018

Preprint

View full text Add to dashboard Cite

Bug bounties have become increasingly popular in recent years. This paper discusses bug bounties by framing these theoretically against so-called platform economy. Empirically the interest is on the disclosure of web vulnerabilities through the Open Bug Bounty (OBB) platform between 2015 and late 2017. According to the empirical results based on a dataset covering nearly 160 thousand web vulnerabilities, (i) OBB has been successful as a community-based platform for the dissemination of web vulnerabilities. The platform has also attracted many productive hackers, (ii) but there exists a large productivity gap, which likely relates to (iii) a knowledge gap and the use of automated tools for web vulnerability discovery. While the platform (iv) has been exceptionally fast to evaluate new vulnerability submissions, (v) the patching times of the web vulnerabilities disseminated have been long. With these empirical results and the accompanying theoretical discussion, the paper contributes to the small but rapidly growing amount of research on bug bounties. In addition, the paper makes a practical contribution by discussing the business models behind bug bounties from the viewpoints of platforms, ecosystems, and vulnerability markets.

show abstract

From Responsible Disclosure Policy (RDP) towards State Regulated Responsible Vulnerability Disclosure Procedure (hereinafter – RVDP): The Latvian approach

Cited by 15 publications

References 0 publications

Automatic Symbol Resolution on Embedded Platforms by the Example of Smart TV Device

Automatic Symbol Resolution on Embedded Platforms by the Example of Smart TV Device

Analysis of Tizen Security Model and Ways of Bypassing It on Smart TV Platform

A Bug Bounty Perspective on the Disclosure of Web Vulnerabilities

Contact Info

Product

Resources

About