ABSTRACT
Chapter 4 discusses the development of cybersecurity. Previous discussions on this issue relied on philosophy of science, leading to an over-focus on normative statements and the results of the practice. This chapter compares outcomes from philosophy of science with high-level insiders’ debates on building the science of security while juxtaposing them with ethnographies of laboratories carried out in sociology and the anthropology of science. This chapter also juxtaposes philosophical and high-level insiders’ debates with accounts from ethnography of security conferences, interviews and exchanges recorded during the solving of security challenges, reverse engineering studies, emergency check-ups and other everyday security labour.
The chapter opens with empirical discussion on stabilised instabilities, then it uses this concept to show the advances and gaps in the conceptualisation of cybersecurity as a science that happened after 2005. In the last section, the chapter discusses popular standardisation systems such as CVE, CVSS and MITRE frameworks and comments on practices such as reverse engineering that are pivotal for the field but less understood in the philosophy of science.
