Séminaire SoSySec : Vulnerability disclosure and third parties’ involvement in software security

Séminaire
Date de début
Date de fin
Lieu
IRISA Rennes
Salle
Salle Aurigny
Orateur
Arrah-Marie JO (IMT Atlantique)

SoSySec seminar Software and Systems Security
Inria - Rennes
Friday March 3, 11:00
Remotely via BBB: https://bbb.inria.fr/all-t0p-qjq-9em
Access code: 192737

-------------------------------------------------------
Arrah-Marie JO (IMT Atlantique)
-------------------------------------------------------
======================================================================
Vulnerability disclosure and third parties’ involvement in software security
======================================================================

Around the debate on software vulnerability disclosure, existing works have mostly explored how disclosure gives an incentive to software vendors to better secure their software. The role of third parties such as business users, security firms, downstream software vendors or service providers is rarely taken account, while in fact these actors are increasingly involved in improving the security of a software. In this talk, I will present the results of an empirical study using data from 2009 to 2018 on vulnerabilities disclosed on SecurityFocus BugTraq on how the public disclosure of a critical vulnerability affects the contribution of software vendors and third parties in discovering new vulnerabilities.

 

To follow the presentation remotely, please connect to the followingURL with a modern web browser:
- URL: https://bbb.inria.fr/all-t0p-qjq-9em
Access code: 192737
- Alternative audio access by phone will be possible but the parameters will be announced only a few minutes before the presentation.

Seminar taking place in person with mandatory registration at least 48h beforehand for *all* in-person participants by email to Nadia Derouault < nadia [*] derouaultatinria [*] fr >. Participants non-affiliated with Inria or IRISA will be asked to present an ID at the reception desk of the IRISA building.

To receive the SoSySec announcements, please subscribe to the SoSySec mailing list:
https://sympa.inria.fr/sympa/subscribe/sosysec
All past and future SoSySec talks are listed at
https://seminaires-dga.inria.fr/en/seances-a-venir/
----------------------------------------------------------------------

Séminaire en présentiel ouvert à tous et toutes mais avec inscription obligatoire au moins 48h à l'avance pour *tous* les participants en présentiel auprès de Nadia Derouault <nadia [*] derouaultatinria [*] fr>.
Les participants externes devront se présenter à l'accueil avec une pièce d'identité.

Vous pouvez vous abonner à nos annonces de séminaires :
https://sympa.inria.fr/sympa/subscribe/sosysec
et consulter la liste des exposés passés et à venir :
https://seminaires-dga.inria.fr/seances-a-venir/