Logo Cyber Security, Privacy and Disclosure
Location & TravelScheduleSpeakersSponsors & OrganizationsRegisterResources
Who
 
Stanford Law School Center for Internet and Society
 
What
 
How does vulnerability disclosure best promote security?
 
When
 
November 22, 2003
 
Where
 
Stanford Law School, Stanford, CA, USA [directions]
 
Base

Stanford Law School
CENTER FOR INTERNET AND SOCIETY
Conference on CyberSecurity, Research, and Disclosure
NOVEMBER 22, 2003, STANFORD, CA

Audio Clips

Audio clips from the conference are broken down into four streams: two from the morning sessions, two from the afternoon.

Morning-1  -  Morning-2   -  Afternoon-1  -  Afternoon-2

Background

This conference explores the relationship between computer security, privacy, and disclosure of information about security vulnerabilities.

September 11th gave new urgency to the debate over whether information collection and dissemination is dangerous or empowering. One view is that vulnerability information should be kept secret and out of the hands of potential criminals and foreign agents. Another view is that the public needs to be informed about security weaknesses, so that people can take appropriate precautions and so that there will be a constituency to pressure for the rapid repair of vulnerabilities. Meanwhile, policy makers struggle to find a balance between promoting security research, constructive information sharing, remediation and protecting commercial interests. Industry has tried to develop "best practices" for reporting and repairing vulnerabilities, but major disagreements - over how much information to disclose, to whom, and when - persist.

The federal government has tried to both establish standards for commercial entities to share information about vulnerabilities and to pass laws to deter the distribution of information that may enable cyberattacks. However critics say these initiatives help only a select few, threaten proprietary information, deter legitimate security research and are overly expensive. During the course of this day-long conference, featured speakers and participants will work towards a solution for both industry and government that promotes computer security and addresses the economic, governmental, and social issues that arise under current research and reporting practices.

Audience

The relevant audience for this conference includes computer security researchers and practitioners, computer science academics and professionals, hackers, policy formulators, software vendors and writers, commercial entities that use networked computers, consumers, officials charged with increasing government and national security and security critical infrastructure including law enforcement and national security officers, consumer rights advocates and civil libertarians.

 

Dots

Creative Commons License
This work is licensed under a Creative Commons License.