Sebastian-Amadeo SchmolckRechtliche Vorgaben für die Weitergabe und Nutzung von Softwareschwachstellen und Exploits
Recht der Neuen Medien, volume 80
Hamburg 2020, 270 pages
ISBN 978-3-339-11514-0 (print) |ISBN 978-3-339-11515-7 (eBook)
About this book deutschenglish
Present day IT systems depend on software applications of an ever-increasing complexity. Flawed software renders respective systems vulnerable and opens them up for attack. Thus, information about software flaws and corresponding exploits have become a highly sensitive good: affected software-vendors, government and non-government agencies alike need that information in order to be able to fix open vulnerabilities and defend their networks. Cyber-criminals, intelligence services and shady non-government entities on the other hand use software flaws and exploits for attacks on vulnerable systems.
In spite of this volatile situation there now are numerous different markets on which sensitive information about software flaws and exploits is traded like any other article of commerce. Neither the identity nor the - supposed - motives of the individual buyers are of any concern in these transactions. Instead, sensitive information quite simply goes to the highest bidder. The security implications of this questionable kind of trade are plain to see. The fact that some IT researchers or politically motivated private agents choose to publish certain vulnerabilities at their very own discretion who-, when- and wherever they see fit only adds to the looming danger.
This book examines whether - or rather in how far - German law is adequately prepared to deal with the dangers posed by the various agents who are selling, publishing or exploiting software flaws at their individual discretion. The main focus lies on questions of private liability for damages resulting from the sale of insecure software, the publishing of vulnerabilities and exploits and the commercial trade in security-sensitive information. In addition, the author strives to identify the constitutional boundaries for the use of vulnerabilities and exploits by government agencies.
Keywords
CybersicherheitExploitsFull DisclosureHaftung für SicherheitslückenIT-GrundrechtIT-RechtIT-SicherheitResponsible DisclosureSchwachstelleSoftwarefehlerSoftwareschwachstelleZero-DayIhr Werk im Verlag Dr. Kovač
Möchten Sie Ihre wissenschaftliche Arbeit publizieren? Erfahren Sie mehr über unsere günstigen Konditionen und unseren Service für Autorinnen und Autoren.