ISC’s Self-discipline Convention on Disclosure and Disposal of Vulnerability Information Signed in Beijing
2015-06-22 10:57
In order to further manage information disclosure and the disposal of Internet security vulnerability, Network and Information Security Committee of the Internet Society of China (ISC) leads relevant organizations to draw up the Self-discipline Convention on Disclosure and Disposal of Vulnerability Information (called Convention) under the guidance of Ministry of Industry and Information Technology (MIIT). On June 19, the signing ceremony was held and 32 companies committing to the pact.
With the rapid development and popularity of Internet, more and more Internet security incidents turn up. Therefore, high risk vulnerabilities in information system become the main reason that cause Internet security incident. According to CNVD, newly added general hardware and software vulnerabilities keep a rapid growth, about 20% annual year. The key infrastructure and important information system have vulnerabilities, which may cause huge potential safety hazard and utilized by Hacker. It will not only threaten the safety of Internet data and users’ personal information, but also the whole information system.
Recently, the appearance and rapid development of domestic civil vulnerabilities platform have a positive effect on mobilizing the society, timely reminding and urging relevant affiliation to repair bugs and guard against risks, avoiding spreading. To give full play to these bugs, MIIT guide CNCERT to establish working relationships with civil vulnerabilities platform mainly deal with vulnerabilities in government sectors, major industries, and have received and managed more than 13,000 pieces of vulnerability information, which timely help to eliminate potential safety threats. However, there exist problems in discoursing vulnerabilities, which need to standardize. In addition, all parties need to work together to deal with vulnerabilities, and improve working efficiency, reduce threatens and economic losses.
Signing convention is the first time to standardize reception, management and publish of vulnerability information by manner of self-discipline. The convention makes stipulations on duties and self-discipline clauses of vulnerabilities disclosure and management, with the principles of Objective, Timely, Moderate. All parties should enhance cooperation, work actively to verify, evaluate, restore vulnerability information, and keep smooth interaction with users. The convention emphasizes that we should abide by the national policies and legislations, the regulations made by Chinese government, better manage the vulnerabilities disclosure relating to government and important information system department. At the same time, users’ right to know the vulnerabilities and security interests should be guaranteed.
More than 40 departments, entities attend the signing ceremony.
With the rapid development and popularity of Internet, more and more Internet security incidents turn up. Therefore, high risk vulnerabilities in information system become the main reason that cause Internet security incident. According to CNVD, newly added general hardware and software vulnerabilities keep a rapid growth, about 20% annual year. The key infrastructure and important information system have vulnerabilities, which may cause huge potential safety hazard and utilized by Hacker. It will not only threaten the safety of Internet data and users’ personal information, but also the whole information system.
Recently, the appearance and rapid development of domestic civil vulnerabilities platform have a positive effect on mobilizing the society, timely reminding and urging relevant affiliation to repair bugs and guard against risks, avoiding spreading. To give full play to these bugs, MIIT guide CNCERT to establish working relationships with civil vulnerabilities platform mainly deal with vulnerabilities in government sectors, major industries, and have received and managed more than 13,000 pieces of vulnerability information, which timely help to eliminate potential safety threats. However, there exist problems in discoursing vulnerabilities, which need to standardize. In addition, all parties need to work together to deal with vulnerabilities, and improve working efficiency, reduce threatens and economic losses.
Signing convention is the first time to standardize reception, management and publish of vulnerability information by manner of self-discipline. The convention makes stipulations on duties and self-discipline clauses of vulnerabilities disclosure and management, with the principles of Objective, Timely, Moderate. All parties should enhance cooperation, work actively to verify, evaluate, restore vulnerability information, and keep smooth interaction with users. The convention emphasizes that we should abide by the national policies and legislations, the regulations made by Chinese government, better manage the vulnerabilities disclosure relating to government and important information system department. At the same time, users’ right to know the vulnerabilities and security interests should be guaranteed.
More than 40 departments, entities attend the signing ceremony.
