Cyber Security, Privacy and Disclosure
Stanford Law School Center for Internet and Society
How does vulnerability disclosure best promote security?
November 22, 2003
Stanford Law School, Stanford, CA, USA

Stanford Law School
Conference on CyberSecurity, Research, and Disclosure

Audio Clips

Audio clips from the conference are broken down into four streams: two from the morning sessions, two from the afternoon.

Morning-1  -  Morning-2   -  Afternoon-1  -  Afternoon-2


This conference explores the relationship between computer security, privacy, and disclosure of information about security vulnerabilities.

September 11th gave new urgency to the debate over whether information collection and dissemination is dangerous or empowering. One view is that vulnerability information should be kept secret and out of the hands of potential criminals and foreign agents. Another view is that the public needs to be informed about security weaknesses, so that people can take appropriate precautions and so that there will be a constituency to pressure for the rapid repair of vulnerabilities. Meanwhile, policy makers struggle to find a balance between promoting security research, constructive information sharing, remediation and protecting commercial interests. Industry has tried to develop "best practices" for reporting and repairing vulnerabilities, but major disagreements - over how much information to disclose, to whom, and when - persist.

The federal government has tried both to establish standards for commercial entities to share information about vulnerabilities and to pass laws to deter the distribution of information that may enable cyberattacks. However, critics say these initiatives help only a select few, threaten proprietary information, deter legitimate security research, and are overly expensive. During the course of this day-long conference, featured speakers and participants will work towards a solution for both industry and government that promotes computer security and addresses the economic, governmental, and social issues that arise under current research and reporting practices.


The relevant audience for this conference includes computer security researchers and practitioners, computer science academics and professionals, hackers, policy formulators, software vendors and writers, commercial entities that use networked computers, consumers, officials charged with increasing government and national security and security critical infrastructure, including law enforcement and national security officers, consumer rights advocates, and civil libertarians.



This work is licensed under a Creative Commons License.