Fair Use Summary

Fair Use of Sources

Summarizing the work of another is an effective way to clarify important ideas in your own mind before you try to share them with others. Rarely will you quote original sources at length in your academic papers. Instead, you’ll summarize the main ideas of other articles as faithfully as possible to support your own arguments. When done well, a strong and accurate summary should require only minimal quotation of the original. The quotation illuminates what the summary supports and the entire citation serves the purpose of your argument.

Of course, it helps to be right about what the author meant. No academic purpose is served by your misunderstanding or your sloppy reporting of the opinions of another author. Even with care, though, a degree of inaccuracy is inevitable. By its nature, summary requires interpretation and rephrasing along with a radical condensing of someone else’s argument. Consider having objective readers review your summary before publishing. It may not strike others as accurate.

Just as understandable but less forgivable than inaccuracy is unfairness in a summary. Imagine trying to justify a deliberate misquoting of an author. Readers wouldn’t stand for it, nor should they. The author would be furious, and rightly so, that you would lie about what she wrote. Unfair summary is every bit as unforgivable and unethical as misquotation, for it equally deliberately lies about what another write wrote.

Don’t misunderstand your responsibility here. You are not obligated to agree with the position of the original author. In fact, as often as not, you’ll cite the work of authors with whom you profoundly disagree. Let your reader know exactly how you feel about the source, but fairly.

You’ll search for the perfect quote to prove your argument. If you find something close to what you seek in the words of another, you’ll present the material in the most persuasive way. As long as your presentation is fair to the intention of the original author, you may use that author’s remarks in any way that suits your purposes. But if you misquote, even by selective deletion of important details or qualifiers; or if you take material deliberately from its context in order to deceive; or if you summarize unfairly to create an ally for your position out of an opponent, it will feel wrong. Trust that feeling. It is wrong.
Your academic responsibility is not to prove your argument at any cost, but to state clearly and persuasively the real and provable.


Read the article and the brief arguments that follow. Identify which arguments use citation Fairly, Unfairly and Inaccurately. (It’s not easy to distinguish Inaccuracy from Unfairness, but factual mis-statements or over-statements qualify as inaccurate first, unfair second.)

Full Disclosure of Security Vulnerabilities a “Damned Good Idea”

by Bruce Schneier

Editor’s Note: [In this article, Bruce Schneier talks of hacking as research and of hackers as researchers. The original post and reader comments can be found online at this link ]

Full disclosure—the practice of making the details of security vulnerabilities public—is a damned good idea. Public scrutiny is the only reliable way to improve security, while secrecy only makes us less secure.

Unfortunately, secrecy sounds like a good idea. Keeping software vulnerabilities secret, the argument goes, keeps them out of the hands of the hackers (See The Vulnerability Disclosure Game: Are We More Secure?). The problem, according to this position, is less the vulnerability itself and more the information about the vulnerability.

But that assumes that hackers can’t discover vulnerabilities on their own, and that software companies will spend time and money fixing secret vulnerabilities. Both of those assumptions are false. Hackers have proven to be quite adept at discovering secret vulnerabilities, and full disclosure is the only reason vendors routinely patch their systems.

To understand why the second assumption isn’t true, you need to understand the underlying economics. To a software company, vulnerabilities are largely an externality. That is, they affect you—the user—much more than they affect it. A smart vendor treats vulnerabilities less as a software problem, and more as a PR problem. So if we, the user community, want software vendors to patch vulnerabilities, we need to make the PR problem more acute.

Full disclosure does this. Before full disclosure was the norm, researchers would discover vulnerabilities in software and send details to the software companies—who would ignore them, trusting in the security of secrecy. Some would go so far as to threaten the researchers with legal action if they disclosed the vulnerabilities.

Later on, researchers announced that particular vulnerabilities existed, but did not publish details. Software companies would then call the vulnerabilities “theoretical” and deny that they actually existed. Of course, they would still ignore the problems, and occasionally threaten the researcher with legal action. Then, of course, some hacker would create an exploit using the vulnerability—and the company would release a really quick patch, apologize profusely, and then go on to explain that the whole thing was entirely the fault of the evil, vile hackers.
It wasn’t until researchers published complete details of the vulnerabilities that the software companies started fixing them.

Of course, the software companies hated this. They received bad PR every time a vulnerability was made public, and the only way to get some good PR was to quickly release a patch. For a large company like Microsoft, this was very expensive.

So a bunch of software companies, and some security researchers, banded together and invented “responsible disclosure” (See “The Chilling Effect”). The basic idea was that the threat of publishing the vulnerability is almost as good as actually publishing it. A responsible researcher would quietly give the software vendor a head start on patching its software, before releasing the vulnerability to the public.

This was a good idea—and these days it’s normal procedure—but one that was possible only because full disclosure was the norm. And it remains a good idea only as long as full disclosure is the threat.

The moral here doesn’t just apply to software; it’s very general. Public scrutiny is how security improves, whether we’re talking about software or airport security or government counter-terrorism measures. Yes, there are trade-offs. Full disclosure means that the bad guys learn about the vulnerability at the same time as the rest of us—unless, of course, they knew about it beforehand—but most of the time the benefits far outweigh the disadvantages.

Secrecy prevents people from accurately assessing their own risk. Secrecy precludes public debate about security, and inhibits security education that leads to improvements. Secrecy doesn’t improve security; it stifles it.

I’d rather have as much information as I can to make an informed decision about security, whether it’s a buying decision about a software product or an election decision about two political parties. I’d rather have the information I need to pressure vendors to improve security.

I don’t want to live in a world where companies can sell me software they know is full of holes or where the government can implement security measures without accountability. I much prefer a world where I have all the information I need to assess and protect my own security.

Bruce Schneier is a noted security expert and founder and CTO of BT Counterpane.

Version 1 (Fair, Unfair, or Inaccurate?)

(Though it’s highly opinionated and comically stereotypes hackers, this citation accurately represents the position of the original author.)

In “Full Disclosure a Damned Good Idea,” Bruce Schneier makes the usual apologies for his disreputable buddies in the hacking community. Calling them “researchers” instead of uninvited intruders, Schneier would have us believe this bleary-eyed, baseball-cap-wearing band of deep data bungee-divers are performing a public service. When they poke through the back channels of industrial and government websites and gain access to the server controls, he claims we’re all somehow safer. Not only should these “researchers” not be prosecuted, he maintains, they should be congratulated for their restraint in merely—merely!—disclosing the security vulnerabilities they discover on sensitive sites. His laughable compromise is a position he calls “responsible disclosure,” which gives the software operators a “head start” to fix problems before the hackers go ahead and divulge the vulnerability to every criminal with an even smaller conscience than theirs.

Version 2 (Fair, Unfair, or Inaccurate?)

(This argument may tell the truth about Schneier, but it attributes statements to him he did not make and is therefore inaccurate; whether he may hold them is irrelevant.)

Bruce Schneier makes several colossal errors in his analysis of the security threats posed by hackers. In “Full Disclosure a Damned Good Idea,” he maintains that companies with known security threats do nothing about them unless threatened with a dangerous “exploit” launched by hackers to bring down or otherwise disrupt their operations or security. Furthermore, he claims, hackers are way ahead of the companies who host big data anyway, so that the keeping vulnerabilities secret is the equivalent of surrounding data with a 6-inch fence—effective only against people who respect boundaries. As a consultant to dozens of such vulnerable concerns, I can say with assurance both suppositions are wrong. Microsoft, Delta airlines, Commerce Bank, and the US Postal Service were not asleep at the wheel. They were actively plugging security portholes in advance of their recent attacks by hackers. And the terrible disruptions to customers of all those operations needn’t have happened at all if zealous “researchers” hadn’t shared what they knew about system vulnerabilities.

Version 3 (Fair, Unfair, or Inaccurate?)

(This argument may reflect Schneier’s beliefs too, and it doesn’t actually claim to be quoting him, but it attributes opinions to him based on conjecture and is therefore unfair, whether or not it is correct.)

Bruce Schneier rocks. In “Full Disclosure a Damned Good Idea,” Schneier says exactly what every corporate and government security expert needs to hear about vulnerabilities to his data and operations. Schneier makes it clear that operations experts are more interested in their own career security than the security of their systems. He’s seen first-hand what secrecy about vulnerabilities leads to, and he’s not bashful about sharing what he’s seen. Back room deals with PR firms keep the truth about vulnerable data from ever seeing the light of day, until an enterprising hacker stumbles on the problem and exploits it. The obvious explanation is that companies don’t care as much about their customers as they do about their bottom line. After all, who gets hurt when your customers’ bank account gets hacked? The customers do, not the companies. Schneier knows this. It’s no wonder he prefers to spend his time on the research, not the corporate, side.

In Class Exercise

In a Reply below, Explain why Version is either Fair, Unfair, or Inaccurate. Repeat for Versions 2 and 3. (There’s one of each.)

37 Responses to Fair Use Summary

  1. morra2024 says:

    1. Seems to be unfair because of strong language used in the form of mockery and accusation: “… Schneier would have us believe…” and “… a position he calls…”;
    2. Fair and accurate;
    3. Most likely inaccurate, as Schneier never made some of the claims that the writer has included.


  2. ahntkd99 says:

    Version 1 is inaccurate because it changes original article opinion.
    Version 2 is unfair because this article’s opinion is not fair.
    Version 3 is fair because this article doesn’t change original opinion and it is pretty fair.


  3. ajuuy7 says:

    Version 1 is inaccurate because it poorly represents what the author was trying to say. Version 2 is unfair because it does not represent what the author is trying to say in his response. Version 3 is fair because although the paragraph is written strongly for the authors side I think it has the right information in it.


  4. lucbe219 says:

    Version 1 is unfair, the hackers are doing their community a public service. By alerting the citizens to the problem, they are not completely surprised when their once claimed secure network is harmed by criminals. Version 2 is inaccurate because all the hackers are trying to do is help the companies fix the holes in their systems for better business as well as security. Version 3 is fair due to the fact that the author has had a first hand experience seeing what goes on in those companies. He is also expressing that companies do not really care too much about their customers, and more about their reputations.


  5. V1: Fair
    V2: inaccurate


  6. bmdpiano says:

    Version 1 is fair as it disagrees with the author and wants to make their point.
    Version 2 is unfair when making his argument against the author. They intentionally make unfair statements.
    Version 3 is inaccurate, but maybe the writer thought they were being fair.


  7. Version 1 Is inaccurate because the summary is written with information that wasn’t provided in the original article. For example, Bruce never straight up said we should congratulate hackers like he did in the summary.

    Version 2 is unfair because he inaccurately quotes the original piece when talking about the company security

    Version 3 is fair because it’s a valid summary that 100% uses all info applied in the original article. He also applies some of his own feelings and thoughts which is okay.


  8. voxpopuli075 says:

    The first version is unfair because the author goes after hackers rather than argue against Schneier’s points.
    The second version is inaccurate because it misrepresents what Schneier is saying.

    The third version is fair because it does not misrepresent his points.


  9. yankeefan25 says:

    I thought that version one was fair. They did not twist around the words of the editor and were punctual with each point that they made. Version two was unfair for a couple of different reasons. The first reason is because he puts words into the editors mouth and says things that the editor did not even make a claim about. The third version is the one that is inaccurate. This is because he misunderstands what the author is saying and they just aren’t on the same page.


  10. Valcom says:

    Version one is an inaccurate summary because the writer doesn’t clearly understand what the author is saying and is changing the wording.

    Version two is an unfair argument because the writer understands the article and shows that in the summary however pushed their opinion more which unbalanced the summary.

    Version three is a fair summary because it clearly displays the summary of the article while not overshadowing what the author has to say with their own opinion in the original article.


  11. Version 1 seemed unfair, version 2 seemed inaccurate, and version 3 was fair


  12. tenere84 says:

    Version 1 – Inaccurate
    Version 2 – Unfair
    Version 3 – Fair


  13. jackso23 says:

    Version 1 – Fair
    Version 2 – Unfair
    Version 3 – Inaccurate or unfair


  14. Version one seems to be unfair
    Version two seems to be inaccurate
    Version three is mostly fair


  15. roses0102 says:

    Version 1 is unfair, Bruces points are misinterpreted and important points aren’t all include
    Version 2 is inaccurate, the authors points are not directed toward the original article
    Version 3 is fair, highlighting key points from the article and giving an opinion, all while not changing the stance on the topic.


  16. kraemercali says:

    version 1 is unfair because of it is insinuating things the author never mentioned.
    version 2 in inaccurate because it is saying when there is holes in software, no efforts are made to fix it when the author mentions attempts to fix such issues.
    version 3 is fair in its disposition, it disagrees with some of the authors ideas but does so in a well mannered way.


  17. lg102015 says:

    I believe that..
    Version 1: Inaccurate
    Version 2: unfair
    Version 3: Fair


  18. mpsj13 says:

    Version 1 is unfair
    Version 2 is fair
    Version 3 is inaccurate


  19. lg102015 says:

    Version 1: Inaccurate
    Version 2: unfair
    Version 3: Fair


  20. The first version is unfair.
    The second version is fair.
    The third version is inaccurate.


  21. Today in class, we began by choosing a sentence out a series of 5. We came to the conclusion of which of these 5 sentences was the most economically structured one with the words given. Then, Mr. Hodges told everyone that does not have a username on WordPress yet to make one instead of staying anonymous. We learned the value of a summary and how useful summarizing someone’s work can be. Effectively summarizing paragraphs worth of information into a couple sentences communicates the most important points of that information and makes it very simple to comprehend. We then read an article in class with 3 summaries. Individually, we had to decipher which of these three summaries were unfair, inaccurate, or fair. When we finished, Mr. Hodges gave us our homework for next class on Tuesday.


  22. The first version is the fair one, the second is the inaccurate one, and the third version is the unfair one.


  23. bestbaker123 says:

    Version 1 is fair. It is very opinionated and does disagree with Schneier but it does fairly represent how Schneier felt about hackers. It accurately quotes Schneier and what he thinks of full disclosure. Doesn’t misquote him or twists his words. Just adds their own opinion.
    Version 2 is inaccurate. It twists his words by putting words in Schneier’s mouth. He doesn’t say that companies don’t do “nothing” about hackers releasing their vulnerabilities.
    Version 3 is unfair. The person does praise what Schneier thinks and agrees with him, but it inaccurately misquotes him. The person puts words in his mouth and is the writers own interpretation.


  24. iamsleepy01 says:

    Version 1: Inaccurate. Not all hackers or “researchers” are bad
    Version 2: Fair
    Version 3: unfair


  25. influenza123 says:

    Version 1 is quite unfair as it minconstrues the author’s use of the term “researcher”. Version 1 also minsconstrues the definition of responsible disclosure.

    Version 2 is unfair as it incorrectly quotes the author with regards to a caompany’s response to security threats.

    Version 3 is inaccurate as it seems to get the wrong idea with regards to the original editorial.


  26. athenapup4 says:

    Version 1:
    I would consider this as a Unfair argument because the argument knows what the author is actually saying however is changing or misquoting what the original author said.
    Version 2:
    I would consider this version as a Fair argument because the argument knows what the author was and proceeded to give accurate notations of the original text while still disagreeing with the author.
    Version 3.
    This would be an Inaccurate version because this argument is completely interpreting the authors writing wrong and is trying to state the argument without understanding the article.


  27. smellycat23 says:

    I think Version 1 is a fair disagreement because he calls out Schneider for saying the “researchers” or hackers are doing a public service which is true but the author obviously disagrees with this.

    Version 2 is unfair because it discusses how companies won’t do anything with their vulnerabilities until exploited.

    Version 3 is inaccurate because he says researchers are more interested in their own careers than the security of the system. He also talks about back room deal with PR firms.


  28. comp0327 says:

    Version 1: Inaccurate. The passage sounds rushed and some details were discluded altogether, such as the vulnerabilities faced by companies.
    Version 2: Unfair. Instead of simply summarizing the article, the new author pushes forth their opinion in an unfair way that distracts from the actual article summarization.
    Version 3: Fair. The author expresses their feelings about Schneider, but still fairly summarizes the article.


  29. lazybear8 says:

    Version 2 is inaccurate summary. The writer misquotes many of his points made in the article.
    Version 1 is unfair summary.
    Version 3 is fair. This is because it shows all of his points he made in the article with clarity.


  30. Version one is unfair
    Version two is fair
    Version three is inaccurate


  31. lelebxby says:

    I think that version one is unfair because in the original article, Bruce never said that hackers should be celebrated and praised for their work. Version 2 is inaccurate since the writer himself said that when companies are exposed, they try to release new patches to fix their software. Lastly, version three is the most fair of the summaries. It highlighted all of Bruce’s points accurately and clearly.


  32. hershey515 says:

    Version 1- Inaccurate
    Version2- Unfair
    Version 3- Fair


  33. Version 1 is unfair.
    Version 2 is fair.
    Version 3 is inaccurate.


  34. Version one is unfair because it is misquoting many of his arguments.
    Version two is fair. Though it disagrees with what the author originally said, it gets all of his points in a fair way.
    Version three is inaccurate. It summarizes the entirety of it wrong.


  35. bane1900 says:

    Version 1 is inaccurate
    Version 2 is Unfair
    Version 3 is Fair


  36. compclass8 says:

    The version one is unfair because it is bashing on the researcher who is just providing information and doing his job. Version 2 is fair because it takes what the author is saying and summarizes it into his own words while quoting specific words that he used along the way. Version 3 is inaccurate it doesn’t completely cite the author in the beginning of the paragraph.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s