Wednesday, May 23, 2012

Issues with Embedded Device Disclosures: Helping the Vendors and Recognizing the End-Users


Computer security research often focuses on the disclosure of vulnerabilities in traditional computing systems, such as DNS or mail systems. Recently, however, a growing number of vulnerabilities have been discovered in embedded devices such as automobiles, SCADA hardware, and medical devices. These non-traditional computing devices have additional complexities and impacts that are, as of yet, unexamined.
First, although much is made of the process of disclosing the vulnerability itself, the response by the marketplace and the manufacturer is rarely discussed. Companies that produce many of these devices are generally underprepared to handle newly found vulnerabilities.
Second, many of the disclosures involving these non-traditional devices impact more than just a vendor, a computer administrator, or a company. The end user, the individual with the most at risk from some vulnerabilities, is often unaware of a vulnerability unless the mainstream media takes an interest in the story.
At Black Hat 2011, for example, there was a presentation about vulnerabilities in insulin pumps, which struck a chord with the media and resulted in the diabetic community, eventually prompting quite a few diabetics to voice their opinions through blog posts and tweets.
A prominent diabetic blogger, Kerri Sparling from SixUntilMe, will talk about how a vulnerability disclosure can impact end users in ways that researchers usually are not aware of.
  
