The article aims to contribute to the current research on regulatory frameworks and best practices for ethical hacking, from the perspective of criminology and criminal law, providing insights into the Italian legal system that may also inform EU-wide regulations in this domain. The research employs a multidisciplinary approach by: (i) conducting a historical and criminological analysis of the contemporary “renaissance” of ethical hacking, which includes analyzing the rules of engagement in BBPs and the key factors influencing hackers’ choices between responsible disclosure and malicious exploitation of vulnerabilities; (ii) addressing the prevailing uncertainty about the legal qualification of ethical hacking, by assessing the criminal regime that might still be applicable to “well-intentioned” computer intrusions in Italy; (iii) providing a comparative perspective on EU legal systems that have decriminalized or otherwise incentivized ethical hacking practices as pivotal tools for enhancing a holistic notion of cybersecurity.

Is the Road to Hell Paved with Good Intentions? A Criminological and Criminal Law Analysis of Prospective Regulation for Ethical Hacking in Italy and the EU

Fiorinelli, Gaia;
2024-01-01

Abstract

The article aims to contribute to the current research on regulatory frameworks and best practices for ethical hacking, from the perspective of criminology and criminal law, providing insights into the Italian legal system that may also inform EU-wide regulations in this domain. The research employs a multidisciplinary approach by: (i) conducting a historical and criminological analysis of the contemporary “renaissance” of ethical hacking, which includes analyzing the rules of engagement in BBPs and the key factors influencing hackers’ choices between responsible disclosure and malicious exploitation of vulnerabilities; (ii) addressing the prevailing uncertainty about the legal qualification of ethical hacking, by assessing the criminal regime that might still be applicable to “well-intentioned” computer intrusions in Italy; (iii) providing a comparative perspective on EU legal systems that have decriminalized or otherwise incentivized ethical hacking practices as pivotal tools for enhancing a holistic notion of cybersecurity.
File in questo prodotto:
File Dimensione Formato  
paper45.pdf

accesso aperto

Tipologia: PDF Editoriale
Licenza: Creative commons (selezionare)
Dimensione 984.72 kB
Formato Adobe PDF
984.72 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11382/567712
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
social impact