Responsible Disclosure & Partiality

Overview

This assignment is about void * and generics. We added a case study about responsible disclosure and partiality. Students read a summary of researcher Dan Kaminsky’s discovery of a DNS vulnerability and answer questions about his decisions regarding disclosure of vulnerabilities as well as their own thoughts on partiality. The starter code is the full project provided to students.

Contributors

• Ethics materials by Kathleen Creel, Nick Troccoli, and Brynne Hurst
• Assignment by Julie Zelenski and Michael Chang, with modifications by Nick Troccoli, Katie Creel, Brynne Hurst, and Jonathan Kula

Assignment goals

• Learning the purpose and use of function pointers in C
• Using generic void* interfaces as a client
• Implementing a generic void* function using raw memory operations

Ethics goals

• Understanding responsible disclosure processes
• Understanding the role of partiality in security

Download Links

• Starter Code
• Assignment handout
• Ethics Slides on Disclosure (pptx)
• Ethics Slides on Partiality (pptx)
• Explainer Handout on Responsible Disclosure
• Explainer Handout on Partiality

Suggested Reading for Students:

• “Daniel Kaminsky, Internet Security Savior, Dies at 42”

Additional Readings for Context (Instructors or Students):

• Impartiality (Stanford Encyclopedia of Philosophy)
• Wolf, "Morality and Partiality"
• Appiah, Cosmopolitanism: Ethics in a World of Strangers
• Mohism: Universal Care (Stanford Encyclopedia of Philosophy)
• Śāntideva (Stanford Encyclopedia of Philosophy)
• NSA officials worried about the day its potent hacking tool would get loose. Then it did. - The Washington Post

Used in Course

Assignment Level

Undergraduate
Introductory/100 level

Topics

Security Partiality