Hippocratic Oath for Hackers
Overview
As a professional hacker dedicated to the advancement of cybersecurity and the protection of human life, I solemnly pledge to uphold the highest standards of ethical conduct and legal compliance in all my actions. This oath is guided by internationally recognized principles, legal frameworks, and industry best practices to ensure the protection of privacy, security, and the public good. I commit to fostering a collaborative environment that prioritizes patient safety, trustworthiness of medical devices, and the integrity of personal health and wellness technologies.
1. Protection of Privacy and Personal Data
I commit to safeguarding privacy and personal data in strict accordance with the highest ethical and legal standards, recognizing and respecting the dignity and rights of individuals.
- Compliance with Local Privacy Laws: I shall adhere rigorously to the relevant privacy laws of the jurisdictions in which I operate, such as the Act on the Protection of Personal Information (APPI) in Japan, the Personal Data Protection Act (PDPA) in Singapore, the General Data Protection Regulation (GDPR) in the European Union, and other applicable national data protection laws, ensuring the ethical handling, processing, and storage of all personal and health-related data.
- Adherence to Global Data Protection Standards: I will comply with international data protection frameworks and best practices, maintaining the security and confidentiality of personal information across global borders.
2. Upholding System Security and Integrity
I pledge to maintain the security and integrity of information systems, particularly those impacting healthcare and critical infrastructure, ensuring their resilience and safety.
- Compliance with Cybersecurity Legislation: I will follow the cybersecurity laws and regulations of the countries in which I operate, such as the Basic Act on Cybersecurity (Japan, 2015), the Cybersecurity Information Sharing Act (CISA) (US), the Singapore Cybersecurity Act (2018), and other relevant national cybersecurity laws, supporting the robustness and reliability of critical systems.
- Aligning with International Standards: My actions shall align with international cybersecurity standards, including ISO/IEC 27001 for information security management, to responsibly mitigate risks to the confidentiality, integrity, and availability of information.
3. Responsible Disclosure of Vulnerabilities
I vow to respect and adhere to responsible disclosure protocols when identifying system vulnerabilities, in compliance with both local and international regulations.
- Mandate to Report Vulnerabilities: I am committed to reporting identified vulnerabilities to the appropriate manufacturers or stakeholders in an open and timely fashion, following the legal requirements of the respective jurisdictions.
- Compliance with Ethical Norms: I will ensure that all disclosures comply with the ethical norms and legal requirements stipulated by relevant laws, promoting societal harmony and collaborating effectively with authorities and manufacturers.
- Adhering to International Frameworks: In my international endeavors, I will adhere to frameworks such as the Budapest Convention on Cybercrime, ensuring my actions conform to global legal standards designed to combat cybercrime.
4. Safety and Security of Medical Devices and Healthcare IT Systems
I commit to ensuring the safety and security of medical devices and IT systems within healthcare environments, prioritizing patient safety and national security.
- Compliance with Medical IT Standards: I will comply with ISO/IEC 80001 standards for risk management in medical IT networks, ensuring that vulnerabilities in medical devices are responsibly disclosed and resolved to protect patients and healthcare infrastructure.
- Adherence to Regulatory Requirements for Medical Devices: I will follow the cybersecurity guidelines and requirements set forth by regulatory bodies such as the U.S. Food and Drug Administration (FDA) for medical device cybersecurity, ensuring that all identified vulnerabilities are reported and mitigated in accordance with their policies.
- Collaborative Risk Management: I will engage constructively with manufacturers, healthcare institutions, and collaborative environments such as the Biohacking Village: Device Lab, to manage risks effectively and safeguard all connected medical systems.
5. Protection of Sensitive Data
I prioritize the protection of sensitive data in all my actions, upholding globally recognized privacy standards and legal requirements.
- Implementing Privacy Information Management: I will follow the guidelines of ISO/IEC 27701 for privacy information management, ensuring that all personal and sensitive data handled during cybersecurity activities are treated with the utmost respect for privacy and confidentiality.
- Ensuring Transparency and Security: I will ensure that my work meets international standards for personal data protection, providing transparency and security in all my professional actions.
6. Advancement of Global Cybersecurity and Public Welfare
I dedicate myself to the advancement of global cybersecurity, contributing to the protection of public health, national security, and societal stability.
- Collaborative Efforts for a Safer Digital World: I will collaborate with other professionals and organizations in accordance with international best practices and the pursuit of a safer digital world, adhering to the principles outlined in frameworks like the Budapest Convention, ISO/IEC standards, and relevant national cybersecurity regulations.
- Engagement with Biohacking Village: Device Lab: I will actively participate in initiatives like the Biohacking Village: Device Lab, fostering a high-trust, high-collaboration environment among medical device makers, security researchers, caregivers, and other stakeholders committed to the best interests of patients.
7. Timely and Responsible Reporting
I acknowledge the critical importance of timely and responsible reporting of vulnerabilities to ensure the safety and security of medical devices and public health systems.
- Adherence to Reporting Timelines: I will adhere to established reporting timelines as dictated by relevant laws and guidelines, ensuring that vulnerabilities are communicated promptly to prevent potential harm.
- Utilizing Coordinated Disclosure Policies: I will follow manufacturers’ coordinated disclosure policies to ensure that vulnerabilities are addressed efficiently and effectively, minimizing risks to patients and the public.
- Engaging Regulatory Authorities When Necessary: When required by law, I will report vulnerabilities to appropriate regulatory authorities, such as the U.S. FDA, CISA/DHS, CERT/CC, or Singapore’s Cyber Security Agency (CSA), to facilitate the timely remediation of critical security issues.
By taking this oath, I affirm my commitment to ethical hacking practices, legal compliance across jurisdictions, and the continual protection of privacy, security, and the public good. I pledge to act in the best interest of patients, ensuring that vulnerabilities are disclosed responsibly and in good faith to preserve human life, patient safety, and the trustworthiness of medical and personal health devices.
References
- Act on the Protection of Personal Information (APPI): Government of Japan, Ministry of Internal Affairs and Communications. Act on the Protection of Personal Information (APPI). 2003, amended 2020. https://www.ppc.go.jp/en/legal/acts/
- Personal Data Protection Act (PDPA): Personal Data Protection Commission Singapore. Personal Data Protection Act 2012. 2012. https://www.pdpc.gov.sg/Overview-of-PDPA/The-Legislation
- General Data Protection Regulation (GDPR): European Union. Regulation (EU) 2016/679 - General Data Protection Regulation (GDPR). 2016. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679
- Basic Act on Cybersecurity (Japan, 2015): Government of Japan, Ministry of Internal Affairs and Communications. Basic Act on Cybersecurity. 2015. https://www.soumu.go.jp/main_sosiki/joho_tsusin/eng/laws/eng/cybersecurity.html
- Cybersecurity Information Sharing Act (CISA) (US): U.S. Congress. Cybersecurity Information Sharing Act of 2015. 2015. https://www.congress.gov/bill/114th-congress/senate-bill/754
- Singapore Cybersecurity Act (2018): Cyber Security Agency of Singapore. Cybersecurity Act 2018. 2018. https://sso.agc.gov.sg/Act/CSA2018
- Cybersecurity Management Guidelines (METI): Ministry of Economy, Trade, and Industry (METI). Cybersecurity Management Guidelines. 2017. https://www.meti.go.jp/policy/netsecurity/
- ISO/IEC 27001 - Information Security Management: International Organization for Standardization. ISO/IEC 27001:2013 - Information Security Management. 2013. https://www.iso.org/standard/54534.html
- Budapest Convention on Cybercrime: Council of Europe. Convention on Cybercrime (Budapest Convention). 2001. https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185
- ISO/IEC 80001 - Risk Management for Medical IT Networks: International Organization for Standardization. ISO/IEC 80001-1:2010 - Application of Risk Management for IT Networks Incorporating Medical Devices. 2010. https://www.iso.org/standard/44863.html
- ISO/IEC 27701 - Privacy Information Management: International Organization for Standardization. ISO/IEC 27701:2019 - Privacy Information Management. 2019. https://www.iso.org/standard/71670.html
- U.S. Food and Drug Administration (FDA) - Digital Health Center of Excellence: U.S. Food and Drug Administration. Digital Health Center of Excellence. https://www.fda.gov/medical-devices/digital-health-center-excellence
- Biohacking Village: Device Lab: Biohacking Village: Device Lab. https://biohackvillage.com/device-lab
- Cyber Security Agency (CSA) Singapore - Reporting and Escalation: Cyber Security Agency of Singapore. Reporting and Escalation Procedures. https://www.csa.gov.sg/
- National Agency for the Coordination of Medical Devices (NANDO) - EU: European Commission. NANDO - New Approach Notified and Designated Organisations. https://ec.europa.eu/growth/tools-databases/nando/