Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bb4dce7d-8504-4779-95ec-26076053abc1"><ac:parameter ac:name="">Ethical_Considerations_in_CVD_</ac:parameter></ac:structured-macro>At present, there is no generally accepted set of ethical guidelines for CVD. In the security response arena, work toward defining ethical guidelines is ongoing. The Forum of Incident Response and Security Teams (FIRST) has established a special interest group to develop a code of ethics for its member teams and liaisons [31]. However, that does not imply that there is a complete absence of relevant guidance in the matter. Here we highlight some ethics advice from related sources.

Ethics in Related Professional Societies

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ebf5f988-087b-40f0-b36d-60dbefc56d01"><ac:parameter ac:name="">Ethics_in_Related_Professional-1</ac:parameter></ac:structured-macro>Various computing-related professional societies have established their own codes of ethics. Each of these has application to CVD.
The Association for Computing Machinery (ACM) Code of Ethics and Professional Conduct [32] includes the following general imperatives:

  • Contribute to society and human well-being.
  • Avoid harm to others.
  • Be honest and trustworthy.
  • Be fair and take action not to discriminate.
  • Honor property rights including copyrights and patent.
  • Give proper credit for intellectual property.
  • Respect the privacy of others.
  • Honor confidentiality.

The Usenix' System Administrators' Code of Ethics [33] includes an ethical responsibility "to make decisions consistent with the safety, privacy, and well-being of my community and the public, and to disclose promptly factors that might pose unexamined risks or dangers."

Journalism Ethics

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dcd5313b-ccec-4405-9014-29d0ded1d38b"><ac:parameter ac:name="">Journalism_Ethics_</ac:parameter></ac:structured-macro>In many ways, disclosing a vulnerability can be thought of as a form of journalistic reporting, in that
The purpose of journalism is ... to provide citizens with the information they need to make the best possible decisions about their lives, their communities, their societies, and their governments [34].
By analogy, vulnerability disclosure provides individuals and organizations with the information they need to make the best possible decisions about their products, their computing systems and networks, and the security of their information.
We find the four major principles offered by The Society of Professional Journalists Code of Ethics to be relevant to CVD as well [35]:

  • Seek truth and report it – Ethical journalism should be accurate and fair. Journalists should be honest and courageous in gathering, reporting and interpreting information.
  • Minimize harm – Ethical journalism treats sources, subjects, colleagues and members of the public as human beings deserving of respect.
  • Act independently – The highest and primary obligation of ethical journalism is to serve the public.
  • Be accountable and transparent – Ethical journalism means taking responsibility for one's work and explaining one's decisions to the public.
  • No labels