← Back to context

Comment by fouric

4 years ago

> But we have always known that someone with sufficient cleverness may be able to slip vulnerabilities past reviewers of whatever project.

...which is why the interestingness of this project depends on how clever they were - which I'm not able to evaluate, but which someone would need to before they could possibly invalidate the idea.

> (and unethical)

How is security research unethical, exactly?

1 comment

fouric

Reply
jc2it  4 years ago

>How is security research unethical, exactly?

Those being researched must consent.

The goal should be to further society. This research attempted to sabotage infrastructure.

Research should avoid unnecessary suffering. Kernel maintainers are overworked volunteers.

They must be allowed to discontinue the research if the stress becomes more than they can bear.

Read more on University of Minnesota's website and look at page 4. https://www.ahc.umn.edu/img/assets/26104/Research_Ethics.pdf