Intellectual property (IP) law stifles critical research on software security vulnerabilities, placing computer users at risk. Researchers who discover flaws often face IP-based legal threats if they reveal findings to anyone other than the software vendor. This Article argues that the interplay between law and vulnerability data challenges existing scholarship on how intellectual property law should regulate information about improvements on protected works, and suggests weakening, not enhancing, IP protections where infringement is difficult to detect, lucrative, and creates significant negative externalities. The Article concludes by describing other areas, such as physical security, where it may be useful to reform how law coordinates IP improvements.
Derek E. Bambauer & Oliver Day,
The Hacker's Aegis,
Emory L. J.
Available at: https://scholarlycommons.law.emory.edu/elj/vol60/iss5/1