research // coverage gap

.

investigador independiente · ciberseguridad de infraestructura crítica chilena · ley 21.663 · conforme a los principios de iso/iec 29147 · since 2025.

// investigación publicada : jun 2026

the coverage gap: quantifying vulnerability disclosure asymmetries in chilean critical infrastructure

→ arXiv:2606.05594 → doi 10.5281/zenodo.20501960

// arxiv cs.cr : zenodo · cc-by-4.0

[01]

→ published · arxiv · zenodo · cc-by-4.0→ arXiv:2606.05594

[··]

→ partners or collaborators → equipo@reizan.io under nda

// phase 01 quantitative findings published · arXiv:2606.05594 · zenodo · doi 10.5281/zenodo.20501960 · cc-by-4.0

[2026]phase 01 · published

the coverage gap: quantifying vulnerability disclosure asymmetries in chilean critical infrastructure

passive osint · conforme a los principios de iso/iec 29147 · reproducible methodology · scope: chilean ley 21.663 oiv universe (915 operators per res. exenta 87 anci · 16-dic-2025) benchmarked against usa · eu · uk comparative frameworks

· arxiv cs.CR · zenodo · cc-by-4.0→ published · jun 2026 · arxiv · zenodo→ arXiv:2606.05594

[——]ongoing research

continued research on critical infrastructure cybersecurity · publications follow completion · not pre-announced

· reizan.io/papers · canonical→ partners or collaborators receive roadmap under nda · equipo@reizan.io

// frameworks developed in research practice · attribution: published via reizan · independent cybersec research advisory

[01]

systematic measurement of vulnerability disclosure infrastructure across a defined critical-infrastructure operator universe · combines passive osint with comparative benchmarking against established federal disclosure frameworks

→ primary reference · phase 01 paper · published→ reference → arXiv:2606.05594

[02]

reproducible assessment instrument for operationalizing disclosure-channel maturity across organizational layers · advisory engagement model

→ framework v1.0 · designed · available for engagement→ reference

· apache 2.0· v0.5.2→ published · maintained

canonical chilean oiv registry name → domain resolver · ley 21.663 marco nacional de ciberseguridad · 915-universe · 988 resolved entries

→ npm → github

· apache 2.0· v0.2.0→ published · alpha · expanding

multi-country critical infrastructure operator resolver · cl · br · mx · co · ar · uy · pe · ec · cr · pa · unified schema · apache 2.0

→ npm → github

· las vegas · usa

vulnerability disclosure asymmetries in latam critical infrastructure

→ diferido · sin ciclo objetivo

· santiago · chile

disclosure channel audit · anci oiv registry methodology

→ monitoring cfp · 2026 cycle

// orcid id

0009-0001-3950-2505
// activado 2026-05-25

// pgp fingerprint

6986 3D7A 0B13 A2BB 2046
184E FA7D F605 E031 DB56
// publicada
// reizan.io/.well-known/security.txt

// profiles · verifiers

→ linkedin → github → npm publisher → zenodo · activo → arxiv:2606.05594

// machine-readable citation patterns · doi permanente · cc-by-4.0 license

// bibtex · phase 01 paper

@article{mellafe2026coveragegap,
  author       = {Mellafe Zuvic, David},
  title        = {The Coverage Gap: Quantifying Vulnerability
                  Disclosure Asymmetries in Chilean Critical
                  Infrastructure},
  year         = {2026},
  month        = {6},
  eprint       = {2606.05594},
  archivePrefix= {arXiv},
  primaryClass = {cs.CR},
  publisher    = {Zenodo},
  doi          = {10.5281/zenodo.20501960},
  url          = {https://arxiv.org/abs/2606.05594},
  license      = {CC-BY-4.0}
}

// software · anci-oiv-resolver

@software{anci_oiv_resolver_2026,
  author       = {Mellafe Zuvic, David},
  title        = {anci-oiv-resolver: Canonical Chilean OIV
                  Registry Name to Domain Resolver},
  year         = {2026},
  publisher    = {npm · GitHub},
  url          = {https://www.npmjs.com/package/anci-oiv-resolver},
  license      = {Apache-2.0}
}

// software · latam-oiv-resolver

@software{latam_oiv_resolver_2026,
  author       = {Mellafe Zuvic, David},
  title        = {latam-oiv-resolver: Multi-country Critical
                  Infrastructure Operator Resolver},
  year         = {2026},
  publisher    = {npm · GitHub},
  url          = {https://www.npmjs.com/package/latam-oiv-resolver},
  license      = {Apache-2.0}
}

// pending · collaborator attributions added on written consent

collaborator attributions will appear here following written consent from each contributor · per research ethics norms · names withheld until explicit authorization is on file.

// research infrastructure: open-source software ecosystem · public regulatory frameworks (ley 21.663 · ley 21.459 · res. exenta 87 anci · iso/iec 29147 · iso/iec 30111)

// contact

// email

david@reizan.io

// disclosure framework

conforme a los principios de iso/iec 29147 · coordinated disclosure · acknowledgment sla 72h

// pgp

key publicada · pgp rsa-4096
reizan.io/.well-known/security.txt

2026-05-23

→ 7 min read · cybersecurity · ley-21663 · osint

all posts →

// research at dmzs.dev · personal portfolio of david mellafe z.

// research published via reizan · independent cybersec research advisory

// canonical at reizan.io/papers · this page mirrors with personal attribution

// last reviewed 2026-06-11 · david mellafe z. · founder · methodology lead · david@reizan.io

research.

.