Abstract

http://ssrn.com/abstract=874846
 
 

Citations (2)



 
 

Footnotes (162)



 


 



The Price of Restricting Vulnerability Publications


Jennifer Stisa Granick


Stanford Law School, Center for Internet and Society


International Journal of Communications Law & Policy, Vol. 9, Spring 2005

Abstract:     
There are calls from some quarters to restrict the publication of information about security vulnerabilities in an effort to limit the number of people with the knowledge and ability to attack computer systems. Scientists in other fields have considered similar proposals and rejected them, or adopted only narrow, voluntary restrictions. As in other fields of science, there is a real danger that publication restrictions will inhibit the advancement of the state of the art in computer security. Proponents of disclosure restrictions argue that computer security information is different from other scientific research because it is often expressed in the form of functioning software code. Code has a dual nature, as both speech and tool. While researchers readily understand the information expressed in code, code enables many more people to do harm more readily than with the non-functional information typical of most research publications. Yet, there are strong reasons to reject the argument that code is different, and that restrictions are therefore good policy. Code's functionality may help security as much as it hurts it and the open distribution of functional code has valuable effects for consumers, including the ability to pressure vendors for more secure products and to counteract monopolistic practices.

Number of Pages in PDF File: 35

Keywords: security vulnerability, exploit code, code as speech, computer security

Accepted Paper Series





Download This Paper

Date posted: January 13, 2006  

Suggested Citation

Granick, Jennifer Stisa, The Price of Restricting Vulnerability Publications. International Journal of Communications Law & Policy, Vol. 9, Spring 2005. Available at SSRN: http://ssrn.com/abstract=874846

Contact Information

Jennifer Stisa Granick (Contact Author)
Stanford Law School, Center for Internet and Society ( email )
559 Nathan Abbott Way
Stanford, CA 94305-8610
United States
650-724-1900 (Phone)
HOME PAGE: http://cyberlaw.stanford.edu
Feedback to SSRN


Paper statistics
Abstract Views: 1,915
Downloads: 113
Download Rank: 146,194
Citations:  2
Footnotes:  162

© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollo3 in 0.421 seconds