Computer security researchers navigate ethical dilemmas about how to use big data and shared networked resources to discover vulnerabilities; how to safely expose vulnerabilities; and how to best ensure that vulnerabilities are fixed. This project studies computer security researchers to understand:
R1) How has the computer security community formed an ethical research culture?
R2) How are ethics expectations communicated among researchers?
R3) What sociotechnical factors support and challenge sustaining ethical practices?
R4) How effective is ethical self-regulation in computer security research?
This project uses citation analysis, content analysis, and interviews to evaluate the ethical culture of computer security research. Analysis of scholarly discourse and private reflections of computer security researchers will surface insights about how people, changes in technology, and changes in research practices shaped ethical norms in security research. Project outcomes will identify the strengths and weaknesses of ethics self-regulation in this community and inform other computing research communities.