Executive summary: The cultures of biosecurity and computer security differ in important ways due to the differences in constraints and capabilities surrounding biological vs. computer vulnerabilities.
Key points:
Computer security culture values openness, breaking things to understand them, and satisfying curiosity. This culture developed in a context where vulnerabilities could be fixed by vendors, avoided in future software, and mitigated by users.
Biosecurity culture is much more cautious about disclosing and exploring vulnerabilities. This is because biology lacks easy fixes, mitigations are expensive, and a vulnerability could enable serious harm if exploited by malicious actors.
The norms of computer security culture would be risky and irresponsible if applied directly to biosecurity. The constraints are different enough that different norms have developed.
There are good reasons for biosecurity culture being more closed and cautious than typical computer security culture given the lack of mechanisms for mitigating biological risks.
Understanding these different constraints helps explain the different norms despite both fields dealing with vulnerabilities and risks.
This comment was auto-generated by the EA Forum Team. Feel free to point out issues with this summary by replying to the comment, andcontact us if you have feedback.
Executive summary: The cultures of biosecurity and computer security differ in important ways due to the differences in constraints and capabilities surrounding biological vs. computer vulnerabilities.
Key points:
Computer security culture values openness, breaking things to understand them, and satisfying curiosity. This culture developed in a context where vulnerabilities could be fixed by vendors, avoided in future software, and mitigated by users.
Biosecurity culture is much more cautious about disclosing and exploring vulnerabilities. This is because biology lacks easy fixes, mitigations are expensive, and a vulnerability could enable serious harm if exploited by malicious actors.
The norms of computer security culture would be risky and irresponsible if applied directly to biosecurity. The constraints are different enough that different norms have developed.
There are good reasons for biosecurity culture being more closed and cautious than typical computer security culture given the lack of mechanisms for mitigating biological risks.
Understanding these different constraints helps explain the different norms despite both fields dealing with vulnerabilities and risks.
This comment was auto-generated by the EA Forum Team. Feel free to point out issues with this summary by replying to the comment, and contact us if you have feedback.