EpochZero Learn
EpochZero LearnMulti-Domain Tech Learning Hub
Courses
LeaderboardAbout
Dashboard
EpochZero
EpochZero Learn
Multi-Domain Tech Learning Hub

Structured learning for Reverse Engineering, Cloud Security, Cryptography, and Web Development. Articles, videos, tests, and peer discussion.

Learn

  • Learning Path
  • All Articles
  • Video Lessons
  • Podcast
  • eBooks & PDFs
  • Question Banks
  • Cheatsheets
  • MCQ Banks

Tests & Forum

  • All Tests
  • REMA Tests
  • Cloud Tests
  • Forum
  • REMA Forum
  • Cloud Forum
  • Crypto Forum
  • Web Dev Forum

Campus

  • REMA Club
  • Full Stack Dev Club
  • Extension Activity
  • Events
  • CTF Competitions
  • Workshops
  • Industrial Visits

Platform

  • Dashboard
  • Leaderboard
  • About
  • Verify Certificate

© 2026 EpochZero Learn. Educational content for learning purposes.

Course Instructor: Ashish Revar

All articles
research-methodologyresearch-ethicsresearch-processpublication-ethics

Research Ethics at Every Stage

Five units, read in sequence, form one continuous journey. Chapter 5 asks the question every earlier step assumed a good answer to: was the research collected, analysed, and published in a way that respects the people, organisations, and property the study touched?

Ashish Revar7 July 20267 min read2 views

Sign in to mark this article as read and track your progress.

More articlesTest your knowledge

Ethics Is Not a Final Checklist

A common misreading of research ethics is that it is a gate to pass at the beginning (get IRB approval) or the end (check the plagiarism report) of a project. It is neither. Ethics obligations arise at every stage of the research process, and the obligation at each stage is specific to what that stage involves.

Ethics Obligations Mapped to the Five Research Stages

StageResearch obligationEthics or IPR question it raises
Defining the problem (Ch. 1)The problem statement fixes what data will be collected and from whomDoes the scope require scanning systems you do not own, or accessing data about identifiable people?
Literature review (Ch. 2)You build on and cite others' published workAre you citing correctly, or reusing your own prior text without disclosure?
Data collection (Ch. 3)You acquire samples, traffic, or survey responsesDo the people whose data you are using know and agree? Does the DPDP Act or CERT-In's mandate apply?
Writing up (Ch. 4)You present findings in a thesis or paperAre you reporting the actual results of the actual tests that were run? Is the methodology honest enough to allow replication?
Publication (Ch. 5)You make the work publicIf a vulnerability was discovered during the research, has responsible disclosure been followed before publication?

Tracing the Book's Case Studies Through Chapter 5

The WannaCry and Mirai examples introduced in Chapter 1 were not incidental illustrations. Seen through Chapter 5's framework:

  • WannaCry/EternalBlue raises the Justice question at every stage: who bore the cost of the NSA's decision to stockpile rather than disclose, and who received the benefit? Every organisation that was compromised in May 2017 bore the cost; the NSA's offensive capability was the intended beneficiary.
  • Mirai's default-credential flaw raises Beneficence: publishing a detailed analysis of how Mirai's scanner found devices helps defenders identify vulnerable routers, but the same analysis helps attackers find them faster. Responsible disclosure practice and dataset documentation (what was scanned, how, with whose consent) address this directly.
  • Rossow et al.'s finding (Chapter 2) that 71% of published malware experiments described no safety precautions is not merely a reproducibility failure; it is a Beneficence failure — a researcher who cannot describe how they ran live malware safely cannot demonstrate that no harm to third parties resulted from the experiment.

The Research Journey: One Chain

Chapter 1 observed that a widely repeated attack succeeded not because of one clever trick but because of a structural weakness. Chapter 2 made that observation defensible by holding the methodology to the standards the field expects. Chapter 3 supplied the tools to turn an observation into a testable claim. Chapter 4 made the result legible to other researchers in a structure and citation style they already know how to read.

This chapter asks the question all four assumed had been answered: was the work collected, analysed, and published in a way that respects the people, the organisations, and the property the study touched?

That question does not arise at the end. It arises the moment the problem is defined, reappears when the first dataset record is collected, is implicit in every number reported in the results section, and is the final obligation before the paper is submitted.

Check Your Understanding

A student's thesis project scanned 500 IoT devices found via a Shodan query, ran a custom script to test each for a known default-credential vulnerability, and documented which devices were vulnerable and which firmware version each ran. The student did not obtain consent from device owners and has not contacted any manufacturer. Before she submits the thesis, identify the specific ethics obligation that arose at the problem-definition stage, the data-collection stage, and the publication stage — and state what she should do now, before submission, about each one.