Download This Article argues that intellectual property law stifles critical

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts

Next-Generation Secure Computing Base wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Cyber-security regulation wikipedia , lookup

Hacker wikipedia , lookup

Trusted Computing wikipedia , lookup

Security-focused operating system wikipedia , lookup

Mobile security wikipedia , lookup

Computer security wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Transcript 
This Article argues that intellectual property law stifles critical research on software security
vulnerabilities. Researchers who discover flaws often face legal threats based on IP claims if
they reveal findings to anyone other than the software’s vendor. Externalities and network
effects cause vendors’ incentives to diverge from those that are socially optimal. Unlike
previous scholarship, the Article locates the problem of barriers to security research as one of
information’s distribution. It proposes a set of key reforms – legal “patches,” in software terms
– to protect socially valuable research, guide behavior by those searching for vulnerabilities,
and channel dissemination of vulnerability data towards legitimate consumers. The Article
argues for three types of change: legal, social, and market-based. Legal reform would create
immunity from IP liability for researchers who conform their behavior to prescribed rules,
which conform roughly to the norms of the “responsible disclosure” model in the security
community. Social change would respond to the perception that “hackers” are inherently
threatening by pressing researchers either to recapture that term’s original meaning, or to
abandon it. Finally, to ameliorate failures in the market for software vulnerability data, and to
push such transactions into legitimate channels, we propose that a trusted third party act as a
voluntary coordinator or clearinghouse for vulnerability deals.
Related documents
Cybersecurity of Medical Devices
Cybersecurity of Medical Devices
Findings and Recommendations
Findings and Recommendations
Assessing vulnerability to climate change in South East Europe
Assessing vulnerability to climate change in South East Europe
GHG Inventory review - E-Learning Module
GHG Inventory review - E-Learning Module
Climate Change and Health A Framework for Discussion
Climate Change and Health A Framework for Discussion
Overview of the SSNAPP Methodology
Overview of the SSNAPP Methodology
Acronyms abbreviations
Acronyms abbreviations
Case 1 In early fall 2000, Beth Israel Deaconess Medical Center
Case 1 In early fall 2000, Beth Israel Deaconess Medical Center
What is marketing questions 12
What is marketing questions 12
Chapter 1: Security Problems in Computing
Chapter 1: Security Problems in Computing
Vulnerability
Vulnerability
Careless Delegation of Trust
Careless Delegation of Trust
Document 8513629
Document 8513629
M. Jubb - The Dryad data repository wiki
M. Jubb - The Dryad data repository wiki
Vulnerability analysis consists of several steps: Defining and
Vulnerability analysis consists of several steps: Defining and
Vulnerability Management
Vulnerability Management
Amanda Bourne_VA Overview Part 2
Amanda Bourne_VA Overview Part 2
D1S1_TSV404_Course_Intro_2011_v1
D1S1_TSV404_Course_Intro_2011_v1
Marketing Information and Research
Marketing Information and Research
Presentation - National Forest Foundation
Presentation - National Forest Foundation
Political Risks of Global Business
Political Risks of Global Business
Sara Goldstein
Sara Goldstein