Security researchers have diverse motivations for investigating security flaws in software and systems. As companies, policymakers, lawyers, and others interact with the security research community, understanding this truth can unlock more fruitful engagement. I Am The Cavalry has been using a simple and useful framework to discuss the drivers of security researcher behavior. While this list isn’t comprehensive, and while most of us fit at least two of these categories, this framing can catalyze a dialog that allows a fuller appreciation of why we do what we do, and that is the value of the framework.
- Protect – make the world a safer place. These researchers are drawn to problems where they feel they can make a difference.
- Puzzle – tinker out of curiosity. This type of researcher is typically a hobbyist and is driven to understand how things work.
- Prestige – seek pride and notability. These researchers often want to be the best, or very well known for their work.
- Profit – to earn money. These researchers trade on their skills as a primary or secondary income.
- Protest/Patriotism – ideological and principled. These researchers, whether patriots or protestors, strongly support or oppose causes.