%0 Journal Article
%T The Legal Boundary of Vulnerability Discovery: The Framework of Behavior Elements in Authorization Model
%A 黄道丽
%A 马民虎
%J 西安交通大学学报(社会科学版)
%D 2017
%R 10.15896/j.xjtuskxb.201702010
%X Security incidents caused by illegal vulnerability exploitation impact the development of cybersecurity practice and highlight the gray areas in the law. Security vulnerabilities have the dual attributes of non-traditional defects and resources; traditional defect theories and punishment under criminal law alone cannot solve the complex problems that these dual attributes present. Given the vagueness of the law, this paper suggests defining the boundary of lawful security vulnerability discovery on the basis of the legal nature of security vulnerabilities, and defining the authorization, limitations and exceptions of vulnerability discovery, in order to avoid or mitigate cybersecurity legal risks such as criminal liability for "intrusion", the unclear legal status of the "white hat", the lack of detailed guidelines on the boundaries of authorization and its constituent elements, and the need to strengthen the compliance of crowd-testing platforms.
%K cybersecurity
%K security vulnerabilities
%K legal risk
%K authorized
%K legal boundary
%K "white hat"
%U http://skxb.xjtu.edu.cn/oa/DArticle.aspx?type=view&id=201702010