Within science, there are six key principles: relativism, objectivity, parsimony, empiricism, ethical neutrality, and determinism. This is how each of them relates to cybersecurity.
Relativism shows how all things are related. The best way I can see it is through the use of artificial intelligence. Many companies are implementing AI in cybersecurity, but this is not new. Before AI, many companies were implementing intrusion prevention systems (IPS), intrusion detection systems (IDS), and next-generation firewalls (NGFWs); AI simply advances on these implementations. These systems were able to apply controls based on the threat that was perceived. Using AI does the same thing in a much broader sense: it learns from the data it is given in order to apply controls and configure a network. Without basic concepts such as IPS, IDS, and NGFWs, we would have a much harder time implementing these AI systems. But because they are related, it is easier to implement them in a meaningful way.
Objectivity is a principle that allows scientists to study in a value-free manner. To me, this is notable throughout the gray hat hacking community. Being able to study a network without the owner's permission will prove to be more valuable than trying to execute an attack in a controlled environment. Not only that, but a post-hack analysis will be far more revealing.
The principle of parsimony is that scientists should keep their explanations as simple as possible. This ensures that others will understand the explanation and be able to test it. Explaining beyond what is needed in a zero-day attack may confuse certain people, and the extra detail may not be relevant to the study at hand. Instead, being able to simplify the attack may help those studying it to create a patch or mitigation more quickly.
The principle of empiricism is that science studies behavior that is real to the senses, and that scientific knowledge comes from what we experience. This plays a big part in ethical hacking. Though you may see a CVE and hear of an attack, you do not truly know what it can do until it is tested. Most organizations will simulate an attack and analyze the results. This helps them implement controls and create patches for software.
Ethical neutrality is the belief that scientists must adhere to ethical standards when conducting research. This is a major aspect that can separate computer scientists from malicious hackers. Both could have the ability to hack a system using the same methodology and tools, but the scientist is doing it for the purpose of studying how the hack works. Cybercriminals typically hack for personal gain.
Determinism is the principle that behavior is caused, determined, or influenced by preceding events. This relates to cybersecurity because it can reveal the events that lead individuals to commit cybercrime, and it supports analysis of which companies or individuals are vulnerable at a given time.