Matwyshyn Andrea M. author Cui Ang author Columbia University. Computer Science Keromytis Angelos D. author Columbia University. Computer Science Stolfo Salvatore author Columbia University. Computer Science Columbia University. Computer Science originator text Articles 2010 English Debate has arisen in the scholarly community, as well as among policymakers and business entities, regarding the role of vulnerability researchers and security practitioners as sentinels of information security adequacy. The exact definition of vulnerability research and who counts as a "vulnerability researcher" is a subject of debate in the academic and business communities. For purposes of this article, we presume that vulnerability researchers are driven by a desire to prevent information security harms and engage in responsible disclosure upon discovery of a security vulnerability. Yet provided that these researchers and practitioners do not themselves engage in conduct that causes harm, their conduct doesn't necessarily run afoul of ethical and legal considerations. We advocate crafting a code of conduct for vulnerability researchers and practitioners, including the implementation of procedural safeguards to ensure minimization of harm. Computer science 8 2 67 72 2010 http://dx.doi.org/10.1109/MSP.2010.67 http://hdl.handle.net/10022/AC:P:10581 NNC NNC 2011-06-23 15:09:29 -0400 2012-12-29 00:27:28 -0500 4530 eng