Explore the complex intersection of ethics and computer security in this 36-minute lecture from Dalhousie University's ECED4406 course. Delve into real-world examples involving electronic car locks and medical device security, examining potential solutions and the nuanced nature of ethical decision-making in the field. Learn about normal disclosure processes, timelines, and the challenges faced by both researchers and companies. Investigate bug bounty programs, their rewards, and associated issues. Gain insights into computer security ethics, relevant laws, and the impact of legislation like DMCA and Canadian Bill C-11 on security research. Understand the potential risks and considerations when conducting security research, including the sensitive nature of exposing government vulnerabilities.
Overview
Syllabus
Intro
Ethics in Computer Security
Example #1: Electronic Car Locks
Example #2 - Medical Device Security
Possible Solution
Ethics is Rarely Black & White
Normal Disclosure Process
What is Disclosure Timeline?
Disclosure Timeline Trickiness
Company Side Concerns
Typical Result - Disclosure to Consultan
Disclosure Example - ECU Bootloader
Bug Bounties - being rewarded for disclosure
Bug Bounty Issues...
Computer Security Ethics
Computer Security Laws
DMCA Issues
Canadian Bill C-11 Copyright Modernizati
Security Research (General Caveats)
Warning: Embarrassing Governments
Ethics - Summary
Taught by
Colin O'Flynn
