International Journal of Communications Law & Policy

Go to content

Main menu:

IJCLP Web-Doc 10-Cy-2004

>> Return to Issue of Publication
Issue 9 (Autumn 2004)
Symposium on Cybercrime

THE PRICE OF RESTRICTING VULNERABILITY PUBLICATIONS
By Jennifer Stisa Granick

Download the Paper in PDF Format: IJCLP Web-Doc 10-Cy-2004


Abstract


There are calls from some quarters to restrict the publication of information about security vulnerabilities in an effort to limit the number of people with the knowledge and ability to attack computer systems. Scientists in other fields have considered similar proposals and rejected them, or adopted only narrow, voluntary restrictions. As in other fields of science, there is a real danger that publication restrictions will inhibit the advancement of the state of the art in computer security. Proponents of disclosure restrictions argue that computer security information is different from other scientific research because it is often expressed in the form of functioning software code. Code has a dual nature, as both speech and tool. While researchers readily understand the information expressed in code, code enables many more people to do harm more readily than with the non-functional information typical of most research publications. Yet, there are strong reasons to reject the argument that code is different, and that restrictions are therefore good policy. Code’s functionality may help security as much as it hurts it and the open distribution of functional code has valuable effects for consumers, including the ability to pressure vendors for more secure products and to counteract monopolistic practices.

Back to top



Main | About us | Current Issue | Blog | For Authors | Call(s) for Papers | Site Map

© 1998-2008 IJCLP Team, produced by Luigi Russi & Christoph Nüßing. ISSN 1439-6262
Back to content | Back to main menu