Zero-day Attack - Ethics

Ethics

Differing views surround the collection and use of zero-day vulnerability information. Many computer security vendors perform research on zero-day vulnerabilities in order to better understand the nature of vulnerabilities and their exploitation by individuals, computer worms and viruses. Alternatively, some vendors purchase vulnerabilities to augment their research capacity. An example of such a program is TippingPoint's Zero Day Initiative. While selling and buying these vulnerabilities is not technically illegal in most parts of the world, there is much controversy over the method of disclosure. A recent German decision to include Article 6 of the Convention on Cybercrime and the EU Framework Decision on Attacks against Information Systems may make selling or even manufacturing vulnerabilities illegal.

Most formal efforts follow some form of RFPolicy disclosure guidelines or the more recent OIS Guidelines for Security Vulnerability Reporting and Response. In general, these rules forbid publicly disclosing a vulnerability without first notifying the developer and allowing adequate time to produce a patch.
