September 11 gave new urgency to the debate over whether information collection and dissemination is dangerous or empowering. One view is that vulnerability information should be kept secret and out of the hands of potential criminals and foreign agents. Another view is that the public needs to be informed about security weaknesses, so that people can take appropriate precautions and so that there will be a constituency to pressure for the rapid repair of vulnerabilities. Meanwhile, policy makers struggle to find a balance between promoting security research, constructive information sharing, remediation and protecting commercial interests. Industry has tried to develop “best practices” for reporting and repairing vulnerabilities, but major disagreements - over how much information to disclose, to whom, and when - persist. The federal government has tried to both establish standards for commercial entities to share information about vulnerabilities and to pass laws to deter the distribution of information that may enable cyberattacks. However, critics say these initiatives help only a select few, threaten proprietary information, deter legitimate security research and are overly expensive. During the course of this two-day-long conference, featured speakers and participants will work towards a solution for both industry and government that promotes computer security and addresses the economic, governmental, and social issues that arise under current research and reporting practices. Audience |
