In the "bidt Werkstatt digital", the speakers will discuss proposals formulated in the bidt policy brief "Closing gaps: Dealing responsibly with IT security gaps" and related papers.
With increasing digitalisation, the danger of cyber attacks from the network is also growing: both companies and public administrations face the challenge of protecting their software and hardware and averting damage. On the scientific side, IT security researchers can make a valuable contribution to dealing with cyber attacks, but their work exposes them to massive legal risks: if, for example, researchers detect security vulnerabilities in their role as ethical hackers and want to inform the affected institutions about them adequately, many legal questions remain open.
What is needed here is a legal framework that offers a practical and legally secure procedure for reporting and closing security vulnerabilities. Researchers face a dilemma in their work: to what extent can they scientifically analyse an identified security vulnerability if criminal law, through § 202c and § 202a StGB, already penalises preparatory measures? The law also faces a conflict of objectives: if security vulnerabilities are reported to manufacturers, authorities can no longer use them. As long as security gaps exist, they can be exploited to the detriment of society. It is, therefore, the task of politics to resolve this conflict.
Impulse | Dr. Oliver Vettermann, FIZ Karlsruhe – Leibniz Institute for Information Infrastructure
Discussion and questions from the audience
- Prof. Dr. Dominik Brodowski, Saarland University
- Wilfried Karl, ZITiS – Central Office for Information Technology in the Security Sector
- Eva Wolfangel, journalist
Moderation | Prof. Dr.-Ing. Felix Freiling, bidt / FAU Erlangen-Nuremberg