Ethics in Security Vulnerability Research

Andrea M. Matwyshyn; Ang Cui; Angelos D. Keromytis; Salvatore Stolfo

Title:
Ethics in Security Vulnerability Research
Author(s):
Matwyshyn, Andrea M.
Cui, Ang
Keromytis, Angelos D.
Stolfo, Salvatore
Date:
Type:
Articles
Department:
Computer Science
Volume:
8
Permanent URL:
Book/Journal Title:
IEEE Security & Privacy
Abstract:
The authors provide the articulation of the ethical argument for the role of vulnerability researchers and security practitioners. They argue that, provided that these researchers don't themselves engage in conduct that causes harm, their conduct doesn't necessarily run afoul of ethical and legal considerations. Furthermore, creating effective defenses against cyberthreats requires vulnerability researchers and practitioners to master techniques such as network reconnaissance, reverse engineering, penetration testing, and vulnerability exploitation. Although some consider research employing such techniques unequivocally unethical and possibly illegal, a deep understanding in these areas is pivotal to understanding and mitigating the escalating cyberthreat. Using the case study of recent work done at Columbia University, the authors advocate for crafting a code of conduct for vulnerability researchers and security practitioners, including the implementation of procedural safeguards to ensure minimization of harm. They also propose some best practices in vulnerability research.
Subject(s):
Computer science
Publisher DOI:
http://dx.doi.org/10.1109/MSP.2010.67

In Partnership with the Center for Digital Research and Scholarship at Columbia University Libraries/Information Services.