“白帽”黑客漏洞检测行为的法治化建议
|
摘要
网络安全问题已成为国家层面的重大安全问题,其中网络安全漏洞治理问题贯穿国家、社会与个人全体的法律利益,是实现国家层面安全战略的重中之重。"白帽"黑客作为自发对网络安全漏洞进行发掘检测的网络安全新兴力量,在网络安全漏洞治理中发挥着不可替代的作用,但其漏洞检测行为却往往因相关法律规定与行业规范不明晰而身处"灰色地带"。通过剖析"白帽"黑客主体的法律地位与漏洞发掘行为的法律属性,从相关法律法规完善、安全漏洞测试平台规范化、分级授权安全漏洞挖掘行为等方面,提出针对网络空间漏洞制度构造中"白帽"黑客自发性漏洞检测行为的法治化建议。
Cybersecurity problem has become a major security issue at the national level.The cybersecurity vulnerability governance problem runs through the legal interests of the state,society and individuals,and is the top priority in achieving national-level security strategy."White Hat"hackers,as an emerging power of cybersecurity that can exploit network security vulnerabilities spontaneously,play an irreplaceable role in the management of network security vulnerabilities,but their vulnerability detection behaviors are often unclear due to relevant legal regulations and industry norms.So they are in the "grey zone".After analyzing the legal status of the"White Hat"hacker's subject and the legal attributes of the vulnerability discovery behavior,this paper proposes the construction of the cyberspace vulnerability system from the aspects of perfecting relevant laws and regulations,standardizing the security vulnerability testing platform,and hierarchically authorizing security vulnerability mining behavior.This paper puts up suggestions for the legalization"White Hat"hackers' spontaneous vulnerability detection.
Cybersecurity problem has become a major security issue at the national level.The cybersecurity vulnerability governance problem runs through the legal interests of the state,society and individuals,and is the top priority in achieving national-level security strategy."White Hat"hackers,as an emerging power of cybersecurity that can exploit network security vulnerabilities spontaneously,play an irreplaceable role in the management of network security vulnerabilities,but their vulnerability detection behaviors are often unclear due to relevant legal regulations and industry norms.So they are in the "grey zone".After analyzing the legal status of the"White Hat"hacker's subject and the legal attributes of the vulnerability discovery behavior,this paper proposes the construction of the cyberspace vulnerability system from the aspects of perfecting relevant laws and regulations,standardizing the security vulnerability testing platform,and hierarchically authorizing security vulnerability mining behavior.This paper puts up suggestions for the legalization"White Hat"hackers' spontaneous vulnerability detection.
引文
[1]习近平.在中国共产党第十九次全国代表大会上的报告[N].人民日报,2017-10-19(1).
[2]王磊.计算机系统安全漏洞研究[D].西安电子科技大学,2004.
[3]黄维金,刘凤昌.综述计算机网络面临的威胁[J].中国人民公安大学学报(自然科学版),2005(2):78-80.
[4]国家信息安全漏洞共享平台[DB/OL].2018-8-20.http://www.cnvd.org.cn/flaw/statistic.
[5]王小群,丁丽,李佳,等.2017年我国互联网网络安全态势综述[J].保密科学技术,2018(5):4-11.
[6]本刊编辑部.盘点:2017年国内外重大数据泄露事件[J].中国信息安全,2018(3):62-68.
[7]于志刚,李源粒.大数据时代数据犯罪的制裁思路[J].中国社会科学,2014(10):100-120,207.
[8]搜狐网.黑客测试漏洞被逮捕白帽的正确姿势是什么[EB/OL].https://www.sohu.com/a/105781549_115565.
[9]凤凰网.世纪佳缘被指“钓鱼”:对系统漏洞提交者先感谢后举报[EB/OL].http://finance.ifeng.com/a/20160705/14560987_0.shtml.
[10]赵精武.网络安全漏洞挖掘的法律规制研究[J].暨南学报(哲学社会版),2017,39(5):24-32,129-130.
[11]徐小康,汪文涛.漏洞战争:“白帽子”法律之争[J].方圆,2016(21):28-31.
[12]周文.欧洲委员会控制网络犯罪公约与国际刑法的新发展[J].法学评论,2002(3):79-87.
[13]黄道丽,马民虎.安全漏洞发现的合法性边界:授权模式下的行为要素框架[J].西安交通大学学报(社会科学版),2017,37(2):67-75.
[2]王磊.计算机系统安全漏洞研究[D].西安电子科技大学,2004.
[3]黄维金,刘凤昌.综述计算机网络面临的威胁[J].中国人民公安大学学报(自然科学版),2005(2):78-80.
[4]国家信息安全漏洞共享平台[DB/OL].2018-8-20.http://www.cnvd.org.cn/flaw/statistic.
[5]王小群,丁丽,李佳,等.2017年我国互联网网络安全态势综述[J].保密科学技术,2018(5):4-11.
[6]本刊编辑部.盘点:2017年国内外重大数据泄露事件[J].中国信息安全,2018(3):62-68.
[7]于志刚,李源粒.大数据时代数据犯罪的制裁思路[J].中国社会科学,2014(10):100-120,207.
[8]搜狐网.黑客测试漏洞被逮捕白帽的正确姿势是什么[EB/OL].https://www.sohu.com/a/105781549_115565.
[9]凤凰网.世纪佳缘被指“钓鱼”:对系统漏洞提交者先感谢后举报[EB/OL].http://finance.ifeng.com/a/20160705/14560987_0.shtml.
[10]赵精武.网络安全漏洞挖掘的法律规制研究[J].暨南学报(哲学社会版),2017,39(5):24-32,129-130.
[11]徐小康,汪文涛.漏洞战争:“白帽子”法律之争[J].方圆,2016(21):28-31.
[12]周文.欧洲委员会控制网络犯罪公约与国际刑法的新发展[J].法学评论,2002(3):79-87.
[13]黄道丽,马民虎.安全漏洞发现的合法性边界:授权模式下的行为要素框架[J].西安交通大学学报(社会科学版),2017,37(2):67-75.