The regimes of ethical hacking: moral projects and the emergence of a market for vulnerability
BP2-STS
Published in:
- Information, Communication & Society. - Taylor & Francis. - 2025, p. 1-18
English
This article examines the historical evolution of ethical hacking and vulnerability disclosure practices from the 1990s to the present day. It analyzes three key disclosure regimes and their emergence: full disclosure, responsible/coordinated disclosure, and bug bounty programs. The full disclosure regime is characterized by an adversarial relationship between hackers and companies, with hackers publicly releasing vulnerability information to pressure companies to improve security. The responsible/coordinated disclosure regime formalizes collaboration between hackers and companies, introducing standards and policies to manage the disclosure of vulnerability information. Finally, the bug bounty regime established a market-based model of disclosure that partially commodified vulnerabilities and transformed ethical hacking into a form of gig work. The analysis reveals how these regimes, while building upon existing models, enact distinct moral projects and govern interactions between hackers and companies. It highlights how ethical hacking has been transformed through processes of normalization, standardization, and economization, and argues that these transformations resulted from complex interactions between hackers and companies, shaped by broader socio-cultural trends and preexisting practices, rather than being the result of a simple cooptation by corporate interests. In doing so, this nuanced historical perspective on vulnerability disclosure regimes demonstrates how a political economy perspective contributes to developing a critical cybersecurity research agenda.
Faculty
- Faculté des lettres et des sciences humaines
Department
- Département des sciences sociales
Classification
- Anthropology, ethnography
License
- CC BY
Open access status
- hybrid
Persistent URL
- https://folia.unifr.ch/unifr/documents/331752