EpochZero Learn
EpochZero LearnMulti-Domain Tech Learning Hub
Courses
LeaderboardAbout
Dashboard
EpochZero
EpochZero Learn
Multi-Domain Tech Learning Hub

Structured learning for Reverse Engineering, Cloud Security, Cryptography, and Web Development. Articles, videos, tests, and peer discussion.

Learn

  • Learning Path
  • All Articles
  • Video Lessons
  • Podcast
  • eBooks & PDFs
  • Question Banks
  • Cheatsheets
  • MCQ Banks

Tests & Forum

  • All Tests
  • REMA Tests
  • Cloud Tests
  • Forum
  • REMA Forum
  • Cloud Forum
  • Crypto Forum
  • Web Dev Forum

Campus

  • REMA Club
  • Full Stack Dev Club
  • Extension Activity
  • Events
  • CTF Competitions
  • Workshops
  • Industrial Visits

Platform

  • Dashboard
  • Leaderboard
  • About
  • Verify Certificate

© 2026 EpochZero Learn. Educational content for learning purposes.

Course Instructor: Ashish Revar

This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.

Sign inCreate account
Research Methodology units

Unit 5 of Research Methodology

Research Ethics and Intellectual Property Rights

The ethical foundations every security and ML researcher is accountable to — from the Belmont Report's three principles and India's DPDP Act 2023 to FFP research misconduct, the Section 3(k) limit on patenting algorithms, and Google Project Zero's 90+30 responsible disclosure window — culminating in a full ethics audit of the five-chapter research journey.

Learning outcomes

  • Apply the three Belmont principles to a security or ML research scenario and explain which obligation each one creates
  • List the four elements of informed consent and explain how each applies when the study involves deception
  • Explain the DPDP Act 2023 obligations and the CERT-In six-hour reporting rule as they apply to a student security project
  • Classify a given act as fabrication, falsification, or plagiarism (FFP); apply the UGC 2018 four-level penalty table to a stated similarity percentage
  • Distinguish what copyright, a patent, and a trade secret each protect; apply Section 3(k) of the Patents Act 1970 to decide whether a given algorithm is patentable in India; compare the obligations of MIT, GPL, and Apache 2.0 licences
  • Describe the 90+30 coordinated disclosure lifecycle, explain why the EternalBlue case is an ethics failure under that standard, and state when a bug bounty programme should be used instead
  • Identify the ethics obligation that arises at each of the five research stages — problem definition, literature review, data collection, write-up, and publication

Topics

5.1

Foundations: The Belmont Principles

Why research ethics rules exist, the Tuskegee study that made them necessary, the three Belmont principles — Respect for Persons, Beneficence, and Justice — and how each translates into a security or machine learning research context.

20 min
5.2

Informed Consent, Ethical Review, and Indian Law

The four elements of informed consent, when an Institutional Ethics Committee review is required, how the DPDP Act 2023 adds data-minimisation and purpose-limitation requirements to any student project that touches personal data, and the CERT-In six-hour mandatory incident reporting obligation.

22 min
5.3

Research Misconduct: Fabrication, Falsification, and Plagiarism

The three categories of research misconduct — fabrication, falsification, and plagiarism — illustrated with security-specific examples including a classifier retested under better conditions and reported as if it was always right, and the UGC 2018 four-level similarity penalty table for theses.

20 min
5.4

Copyright, Patents, and IP in Computer Science

What copyright, a patent, and a trade secret each protect in India, why a published research paper and the algorithm it describes are protected differently, what Section 3(k) of the Patents Act 1970 means for algorithm patents, the RSA patent as a concrete illustration of the patent bargain, and what the MIT, GPL, and Apache 2.0 licences each actually require of a researcher who reuses open-source code.

22 min
5.5

Responsible Disclosure and Dual-Use Ethics

The dual-use tension in security research, the coordinated disclosure lifecycle including Google Project Zero's 90+30 model, how bug bounty programmes formalise the disclosure channel for student researchers, why the NSA's decision to stockpile EternalBlue is an ethics failure under Project Zero's standard, and why documenting datasets and models with datasheets and model cards is itself an ethics obligation.

25 min
5.6

Research Ethics at Every Stage

How the ethics obligations introduced in this chapter map onto each of the five research stages covered across the book — problem definition, literature review, data collection, write-up, and publication — so that ethics is understood as a continuous obligation rather than a final checklist.

18 min
5.7

Open Source and Open Access Publishing

The licences that govern how software and research outputs can be used, shared, and built upon — from open-source software licences (MIT, GPL, Apache) to open-access publishing models (gold, green, diamond) and the preprint ecosystem.

20 min
5.8

Case Studies in Ethics from Data Science and ML Research

Concrete historical cases where ML and data science research produced harmful outcomes — algorithmic bias in criminal justice, discriminatory facial recognition, data harvesting without consent, and chatbots weaponised at scale — and the ethical lessons each case established.

25 min