Home

Ethics in Security Vulnerability Research

Andrea M. Matwyshyn; Ang Cui; Angelos D. Keromytis; Salvatore Stolfo

Title:
Ethics in Security Vulnerability Research
Author(s):
Matwyshyn, Andrea M.
Cui, Ang
Keromytis, Angelos D.
Stolfo, Salvatore
Date:
Type:
Articles
Department:
Computer Science
Volume:
8
Permanent URL:
Book/Journal Title:
IEEE Security & Privacy
Abstract:
Debate has arisen in the scholarly community, as well as among policymakers and business entities, regarding the role of vulnerability researchers and security practitioners as sentinels of information security adequacy. The exact definition of vulnerability research and who counts as a "vulnerability researcher" is a subject of debate in the academic and business communities. For purposes of this article, we presume that vulnerability researchers are driven by a desire to prevent information security harms and engage in responsible disclosure upon discovery of a security vulnerability. Yet provided that these researchers and practitioners do not themselves engage in conduct that causes harm, their conduct doesn't necessarily run afoul of ethical and legal considerations. We advocate crafting a code of conduct for vulnerability researchers and practitioners, including the implementation of procedural safeguards to ensure minimization of harm.
Subject(s):
Computer science
Publisher DOI:
http://dx.doi.org/10.1109/MSP.2010.67
Item views:
507
Metadata:
text | xml

In Partnership with the Center for Digital Research and Scholarship at Columbia University Libraries/Information Services | Terms of Use