
it - Information Technology

Methods and Applications of Informatics and Information Technology

Editor-in-Chief: Conrad, Stefan / Molitor, Paul

Volume 57, Issue 6


(Ir-)responsible disclosure of software vulnerabilities and the risk of criminal liability

Dominik Brodowski
Published Online: 2015-12-01 | DOI: https://doi.org/10.1515/itit-2015-0014


Whenever security researchers find an exploitable vulnerability in software, they face several options: Common examples are contacting the author, maintainer or vendor of the software in private (limited disclosure), publishing information on the vulnerability – possibly with a proof-of-concept of how to exploit it – (full disclosure), a combination of both (responsible disclosure), or even selling information on the vulnerability to third parties. In this article, I will discuss the legal obligations and the legal limitations to the various, typical options available to IT security researchers, with a specific focus on how they may comply with German and European criminal law.

Keywords: Full disclosure; responsible disclosure; handling of software vulnerabilities; liability for software exploitation

ACM CCS: Software and its engineering→Software creation and management; Security and privacy→Software and application security; Legal aspects of computing

About the article

Dominik Brodowski

Dominik Brodowski is a senior researcher at the University of Frankfurt (Main) and a lecturer (Lehrbeauftragter) at Albstadt-Sigmaringen University in a master's course on digital forensics. As a graduate of the University of Tübingen and University of Pennsylvania Law School, his professional activities focus on European criminal law, criminal procedure and its interaction with the realities of technology.

Chair for Criminal Law et al. (Prof. Burchard), HPF EXC 15, 60629 Frankfurt am Main, Germany, Tel.: +49-69-798-31476

Accepted: 2015-09-20

Received: 2015-04-01

Published Online: 2015-12-01

Published in Print: 2015-12-28

Citation Information: it - Information Technology, Volume 57, Issue 6, Pages 357–365, ISSN (Online) 2196-7032, ISSN (Print) 1611-2776, DOI: https://doi.org/10.1515/itit-2015-0014.


©2015 Walter de Gruyter Berlin/Boston.
