What drives people to spend nights reversing binaries, fuzzing protocols, or hunting for zero-days — as a job, a passion, or both? How do they actually practice their craft? And how well do they know the legal boundaries of what they do?
The PEPR Cybersécurité REV project, a multi-disciplinary research effort at the crossroads of cybersecurity, law, and sociology, is launching a study to explore these questions. Through a privacy-preserving online survey, the team aims to map the plurality of backgrounds, the diverse motivations, and the many career paths that lead people into vulnerability research, understand their day-to-day practices and methodologies, and assess this community's awareness of the legal framework governing vulnerability discovery and disclosure.
This lightning talk introduces the study, its goals, and its privacy-first methodology. It is also a call to action: whether you are an active vulnerability researcher, have dabbled in the past, or simply work alongside those who do, if this topic resonates with you, we invite you to sign up for notification when the survey goes live.