|
|
| Line 1: |
Line 1: |
|
| |
| Jennifer Stisa Granick, ''The Price of Restricting Vulnerability Publications'' (2007), International Journal of Communications Law & Policy, Vol. 9, Spring 2005.
| |
|
| |
| [http://www.ijclp.net/files/ijclp_web-doc_10-cy-2004.pdf ''Web'']
| |
|
| |
| [http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&action=viewsource&startkey=Granick:2005&f=wikibiblio.bib ''BibTeX'']
| |
|
| |
| ==Categorization==
| |
|
| |
| Issues: [[Information Sharing/Disclosure]]
| |
|
| |
| ==Key Words==
| |
|
| |
| [[information security]], [[vulnerability disclosure]], [[disclosure policy]], [[exploit]], [[code as speech]]
| |
|
| |
| ==Synopsis==
| |
|
| |
| There are calls from some quarters to restrict the publication of information about security vulnerabilities in an effort to limit the number of people with the knowledge and ability to attack computer systems. Scientists in other fields have considered similar proposals and rejected them, or adopted only narrow, voluntary restrictions. As in other fields of science, there is a real danger that publication restrictions will inhibit the advancement of the state of the art in computer security. Proponents of disclosure restrictions argue that computer security information is different from other scientific research because it is often expressed in the form of functioning software code. Code has a dual nature, as both speech and tool. While researchers readily understand the information expressed in code, code enables many more people to do harm more readily than with the non-functional information typical of most research publications. Yet, there are strong reasons to reject the argument that code is different, and that restrictions are therefore good policy. Code's functionality may help security as much as it hurts it and the open distribution of functional code has valuable effects for consumers, including the ability to pressure vendors for more secure products and to counteract monopolistic practices.
| |
|
| |
| ==Additional Notes and Highlights==
| |
|
| |
| '' * Outline key points of interest
| |
|
| |
|
| |
|
| |
|
| |
| ==Full Title of Reference== | | ==Full Title of Reference== |
|
| |
|
Revision as of 10:42, 8 June 2010
Full Title of Reference
The Law and Economics of Cybersecurity: An Introduction
Full Citation
Mark Grady and Francesco Parisi "The Law and Economics of Cybersecurity: An Introduction" in The Law and Economics of Information Security (Cambridge Univ. Press, 2006).
Web
SSRN
BibTeX
Categorization
Issues: Economics of Cybersecurity Regulation/Liability
Key Words
criminal law, regulatory law
Synopsis
One of the most controversial theoretical issues of our time is the governance of cybersecurity. Computer security experts, national security experts, and policy analysts have all struggled to bring meaningful analysis to cybersecurity; however, the discipline of law & economics has yet to be fully applied to the issue. This introduction presents work by leading national scholars who examine this complex national security challenge from a law and economics perspective. The focus spans from a discussion of pure market solutions to public-private issue analysis, providing a valuable basis for policy considerations concerning the appropriate governmental role on the issue of cybersecurity.
Additional Notes and Highlights
* Outline key points of interest