The practice of vulnerability disclosure

Computer vulnerability disclosures can take various forms. They are complex social processes composed of several steps and are highly sensitive in nature. They can lead to legal action against the security researchers who discover the vulnerability, compromise the reputation of the vendors who are asked to “patch” their products and, of course, temporarily increase the vulnerability of computer systems and even compromise the data of millions of users. We are interested in researching the socio-cultural organization and negotiation of these disclosures over the last several years, in order to highlight the socio-technical and ethical dynamics of a computer security arena that includes security researchers, vendors and various intermediaries.