2010 Articles
Ethics in Security Vulnerability Research
Debate has arisen in the scholarly community, as well as among policymakers and business entities, regarding the role of vulnerability researchers and security practitioners as sentinels of information security adequacy. The exact definition of vulnerability research and who counts as a "vulnerability researcher" is a subject of debate in the academic and business communities. For purposes of this article, we presume that vulnerability researchers are driven by a desire to prevent information security harms and engage in responsible disclosure upon discovery of a security vulnerability. Yet provided that these researchers and practitioners do not themselves engage in conduct that causes harm, their conduct doesn't necessarily run afoul of ethical and legal considerations. We advocate crafting a code of conduct for vulnerability researchers and practitioners, including the implementation of procedural safeguards to ensure minimization of harm.
Subjects
Files
- msp2010020067.pdf application/pdf 438 KB Download File
Also Published In
- Title
- IEEE Security & Privacy
- DOI
- https://doi.org/10.1109/MSP.2010.67
More About This Work
- Academic Units
- Computer Science
- Published Here
- June 23, 2011