Summary

Recommendation ITU-T X.1219 provides the functional requirements for a secured process to evaluate technical vulnerabilities.

Vulnerability evaluation by crowdsourcing is an effective approach for well-known online systems to identify technical vulnerabilities. However, many problems and challenges remain. For example, shell scripts uploaded by members of security teams may not be deleted after evaluation, which results in backdoors in the system.

The functional requirements provided in this Recommendation, and the corresponding security mechanisms, would help increase trust in the crowdsourcing approach by ensuring that vulnerability evaluations performed by security teams are reliable, auditable, traceable and controllable.