Ethics of the software vulnerabilities and exploits market

Marty J. Wolf, Nir Fresco

Research output: Contribution to journal › Article › peer-review

6 Scopus citations

Abstract

In this article we establish three claims: (1) When the target software is proprietary, in the absence of other overriding ethical considerations, the identification of a vulnerability and the development, sale, and purchase of non-zero-day exploits are ethically justified; (2) when the target software is Free/Libre/Open Source, the buying and selling of vulnerabilities can be ethically justified only in a very narrow situation, while the sale and purchase of non-zero-day exploits is ethically justified absent of any other overriding information; and (3) democratic governments should promote legislation that either incentivizes corporate in-house vulnerability identification and mitigation programs or requires firms to more fully absorb the societal costs of insecure software.

Original language: English
Pages (from-to): 269-279
Number of pages: 11
Journal: Information Society
Volume: 32
Issue number: 4
DOIs
State: Published - 7 Aug 2016
Externally published: Yes

Keywords

  • Bug bounty programs
  • information ethics
  • software exploits
  • software vulnerabilities
  • zero-day exploits

ASJC Scopus subject areas

  • Management Information Systems
  • Cultural Studies
  • Information Systems
  • Political Science and International Relations
