1. Ethics of the software vulnerabilities and exploits market
- Author
Nir Fresco and Marty J. Wolf
- Subjects
Cultural Studies; Exploit; media_common.quotation_subject; Vulnerability; ComputingMilieux_LEGALASPECTSOFCOMPUTING; Legislation; 02 engineering and technology; 0603 philosophy, ethics and religion; Computer security; computer.software_genre; Management Information Systems; Software; 020204 information systems; Information ethics; 0202 electrical engineering, electronic engineering, information engineering; media_common; ComputingMilieux_THECOMPUTINGPROFESSION; business.industry; 06 humanities and the arts; Democracy; Identification (information); Open source; 060302 philosophy; Political Science and International Relations; ComputingMilieux_COMPUTERSANDSOCIETY; Business; computer; Information Systems
- Abstract
In this article we establish three claims: (1) When the target software is proprietary, in the absence of other overriding ethical considerations, the identification of a vulnerability and the development, sale, and purchase of non-zero-day exploits are ethically justified; (2) when the target software is Free/Libre/Open Source, the buying and selling of vulnerabilities can be ethically justified only in a very narrow situation, while the sale and purchase of non-zero-day exploits is ethically justified absent of any other overriding information; and (3) democratic governments should promote legislation that either incentivizes corporate in-house vulnerability identification and mitigation programs or requires firms to more fully absorb the societal costs of insecure software.
- Published
- 2016