EpochZero Learn
EpochZero LearnMulti-Domain Tech Learning Hub
Courses
LeaderboardAbout
Dashboard
EpochZero
EpochZero Learn
Multi-Domain Tech Learning Hub

Structured learning for Reverse Engineering, Cloud Security, Cryptography, and Web Development. Articles, videos, tests, and peer discussion.

Learn

  • Learning Path
  • All Articles
  • Video Lessons
  • Podcast
  • eBooks & PDFs
  • Question Banks
  • Cheatsheets
  • MCQ Banks

Tests & Forum

  • All Tests
  • REMA Tests
  • Cloud Tests
  • Forum
  • REMA Forum
  • Cloud Forum
  • Crypto Forum
  • Web Dev Forum

Campus

  • REMA Club
  • Full Stack Dev Club
  • Extension Activity
  • Events
  • CTF Competitions
  • Workshops
  • Industrial Visits

Platform

  • Dashboard
  • Leaderboard
  • About
  • Verify Certificate

© 2026 EpochZero Learn. Educational content for learning purposes.

Course Instructor: Ashish Revar

This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.

Sign inCreate account
Research Ethics and Intellectual Property Rights
LearnResearch MethodologyUnit 55

Topic 5.5 of Research Ethics and Intellectual Property Rights

Responsible Disclosure and Dual-Use Ethics

The dual-use tension in security research, the coordinated disclosure lifecycle including Google Project Zero's 90+30 model, how bug bounty programmes formalise the disclosure channel for student researchers, why the NSA's decision to stockpile EternalBlue is an ethics failure under Project Zero's standard, and why documenting datasets and models with datasheets and model cards is itself an ethics obligation.

~25 min total·4 quadrants of structured content

By the end of this topic, you will

  • Define dual-use in security research and explain the core tension it creates between defenders and attackers
  • Describe the 90+30 coordinated disclosure lifecycle and explain what happens if the vendor fails to patch within the 90-day window
  • Explain how the EternalBlue case illustrates the downstream harm of stockpiling a vulnerability rather than disclosing it
  • State what a bug bounty programme is and when it is the appropriate disclosure channel for a student who discovers a genuine vulnerability during a project
  • Explain what datasheets for datasets and model cards require a researcher to document, and why this is an ethics obligation rather than optional metadata
Q1 · E-TUTORIAL (0)Q2 · E-CONTENT (1)Q3 · WEB RESOURCES (0)Q4 · SELF-ASSESSMENT (0)

Quadrant 1 · e-Tutorial

Video lectures and walkthroughs

Video content coming soon.

Quadrant 2 · e-Content

Articles and case studies

research-methodology

Responsible Disclosure and Dual-Use Ethics

Security research carries a tension built into its subject matter: work that helps defenders — a working exploit, a detailed vulnerability write-up — can equally help attackers. Responsible disclosure norms exist to manage this tension. The EternalBlue case shows what happens at government scale when those norms are not followed.

10 min read

Quadrant 3 · Web Resources

Downloadable material and curated external links

Web resources coming soon.

Quadrant 4 · Self-Assessment

Test your knowledge — earn a certificate on first pass

Assessment coming soon.