Lately, one of the big topics in my life has been that of ethics.
There’s the ethics in research/reporting conversation in the SCADA Security world…
There’s the ethics of paid vs. unpaid ‘research’ in Joanna’s world…
There’s an interesting question posed on Slashdot — What Should We Do About Security Ethics? — I shall weigh in and flaunt my low /. UID shortly, but you should take the time to read the comments, there are some bright people showing up today.
How do you feel about ethics – how do personal, professional, phyle, and societal ethics influence or control how you do what you do?
Oh, Oh, Low /. uid fight!
I got 8900
Generally, I like rain forest puppy’s responsible disclosure policy, though security ethics is a much larger question than one of “To disclose, or not to disclose”. Glory-hawks will never disclose responsibly, and are never hired by me.
That being said, there are times when public disclosure outside the bounds of responsible disclosure is necessary. If one is to go that route and is in the profession, they’d better have a pre-published exception process to their normal responsible disclosure. If they aren’t “in the biz” and making money from disclosure, then it doesn’t much matter what ethics they follow as arguing it is as productive as Chevy vs. Ford, or Tastes Great; Less Filling.
As my organization’s ISO, ethics drive everything I do. In a position of enacting sometimes controversial standards and controls around them, it is imperative that we eat our own dog food lest we fritter what little credibility we have away.
I’m one of the lucky few that aren’t beholden to any specific code as part of belonging to a particular credentialed society such as ISACA, (ISC)2, etc., and can ensure that my personal ethics, which I (of course) believe to be substantial, are employed in full force. Given my upbringing, those personal ethics are fairly black and white. Having that kind of clarity is vital when conveying objective risks to the business when you have to buck the trend of convenience and least cost.
To quote Toby Keith, “You may not like where I’m going, but you sure know where I stand”. Reasonable minds can disagree. If you are consistently ethical (whatever that means to you) and don’t compromise, you can speak from a position of authority when challenged.
Alex – I bow – I’m 26138 – bumbled again!
CJ – ass kicking comment, and yet, you quote country music at me!
My bad. “When a man lies, he murders some part of the world”. That better? 😉
Caveman me: “Common ground good. Compromise bad.”