lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20050727150308.GB32543@sentinelchicken.org>
Date: Wed Jul 27 16:03:21 2005
From: tim-security at sentinelchicken.org (Tim)
Subject: Our Industry Is Seriously Ethics Impaired


> Your argument amounts to "The lesser of two evils", which is NOT the same
> as ethical behaviour.

True.  So far, I don't think anyone has made a philosophically sound
argument either way.  My take on it, is that these programs (as
advertized) are neither moral nor immoral, but are rather amoral.  They
can be used for "good" and for "evil" (according to numerous definitions
of each).

I think while these purchasing programs make it easier to "do the right
thing" by reporting bugs to the "right people", they also reduce the
effort required to make money on immoral activities, such as the
purposeful planting of bugs in code and the leaking of bugs into black
markets.

Of course, if the "right people" are morally impaired (by your
definition of morality), then perhaps these programs lean slightly to
the dark side.  Of course, there's no real way to know that.

tim

Powered by blists - more mailing lists