chiffa, posted December 15, 2022

So, erm, we have accidentally discovered a pretty major vulnerability that can be used for abuse in an ML product (let's say a classifier between spam/not-spam or legitimate/illegitimate traffic) that allows a complete bypass. We have reached out to a vendor contact to report it, but haven't heard back so far, and the vulnerability doesn't fit the standard vulnerability framework, given that it's the ML team's problem and does not fit the MITRE classification (at least to my understanding). What do we do if we still don't hear from the vendor? Go public? Is it even classifiable as a vulnerability or a cyber-security issue?
j91321, posted December 15, 2022

> 55 minutes ago, chiffa said: does not fit MITRE classification (at least to my understanding).

Which MITRE classification? CVE has the vulnerability type "Bypass a restriction or similar", which based on your description would be fitting. It also fits ATT&CK as T1562 Impair Defenses in case it's more of a technique than a vulnerability. However, it seems like a valid vulnerability to me. As for the disclosure, that really depends, and there is no right answer. Reaching out to your national CSIRT for assistance may also be an option, but this heavily depends on where you are from and how competent they are.
chiffa (author), posted December 15, 2022

> 51 minutes ago, j91321 said: Reaching out to your national CSIRT for assistance

For me that would be NCSC (https://www.ncsc.admin.ch/ncsc/en/home.html), but since we are their research partners I will need to talk a bit with my colleagues and the people I report to, to see how we present it and how it fits into the NCSC philosophy of what they consider a threat/vulnerability, so that's going to be a bit of politics. Thanks for the recommendation though!

> 54 minutes ago, j91321 said: It also fits ATT&CK as T1562 Impair Defenses in case it's more of a technique than vulnerability.

Looks like T1562.001/6 is the closest we would have at this stage. It's a bypass that's made possible by a fault in the ML product, but at this stage an attacker would need to exploit it. Thanks for the advice in any case!