OUSPG


Agents of responsibility in software vulnerability processes

$RCSfile: index.html,v $ $Revision: 1.3 $ $Date: 2005/03/04 16:25:44 $

ABSTRACT

Modern software is infested with flaws having information security aspects. Pervasive computing has made us and our society vulnerable. However, software developers do not fully comprehend what is at stake when faulty software is produced and flaws causing security vulnerabilities are discovered. To address this problem, the main actors involved with software vulnerability processes and the relevant roles inside these groups are identified. This categorisation is illustrated through a fictional case study, which is scrutinised in the light of ethical codes of professional software engineers and common principles of responsibility attribution. The focus of our analysis is on the acute handling of discovered vulnerabilities in software, including reporting, correcting and disclosing these vulnerabilities. We recognise a need for guidelines and mechanisms to facilitate further improvement in resolving processes leading to and in handling software vulnerabilities. In the spirit of disclosive ethics we call for further studies of the complex issues involved.

Publication details and availability
Title: Agents of responsibility in software vulnerability processes
Publication details: Takanen, A., Vuorijärvi, P., Laakso, M., and Röning, J. (2004) "Agents of responsibility in software vulnerability processes" Ethics and Information Technology. June 2004, vol. 6, no. 2, pp. 93-110(18).
Availability: [PDF] Full paper (original)
