security-course

Security, Privacy, and Consumer Protection


Data Breaches

Resolution

Companies should be held liable for damages incurred from data breaches if there was a known vulnerability in the software used by the company that led to the breach.

The debate will be “Oxford Style” and follow this format.

Resources

Here are some resources and questions to help guide and nuance the debate:

Questions

  1. How long has the vulnerability been public knowledge? How long has the patch been available?
  2. Does the company in question own the compromised software? Is it maintained by a different company? Is it open-source?
  3. How much did the company know about the vulnerability? Did they know about the vulnerability but not the exploit? Did they know about the exploit but not the attack vector?
  4. How should we account for the fact that tens of vulnerabilities are being disclosed every hour? Does this create incentives for companies to not know about vulnerabilities?
  5. What about smaller companies who have fewer resources? Should they be held to the same standard as larger companies?

Readings