Vulnerabilities and their surrounding ethical questions: a code of ethics for the private sector

Alfonso De Gregorio
DOI: 10.1109/CYCONUS.2016.7836615 (https://doi.org/10.1109/CYCONUS.2016.7836615)
Published in: 2016 International Conference on Cyber Conflict (CyCon U.S.)
Publication date: 2016-10-01
Publication type: Journal Article
Open access: no
Record source: Semantic Scholar
Citations: 1

Abstract

Zero-day vulnerabilities, weaknesses in software that are unknown to the parties who could mitigate their specific negative effects, are gaining a prominent role in modern-day intelligence, national-security, and law-enforcement operations. At the same time, the lack of transparency and accountability in their trade and adoption, their possible overexploitation or abuse, the latent conflict of interests of the entities handling them, and their potential double effect may pose societal risks or lead to breaches of human rights. If left unaddressed, these usage-related challenges call into question the legitimacy of zero-day vulnerabilities as enablers of national-security and law-enforcement operations and erode the benefits that their proportionate use has for judiciary, defence, and intelligence purposes. This work explores what the private sector involved in the trade of zero-day vulnerabilities can do to ensure respect for human rights and the benign and societally beneficial use of those capabilities. After reviewing what can go wrong in the acquisition of zero-day vulnerabilities, the article contributes the first code of ethics focused on the trade of vulnerability information, in which the author sets forth six principles and eight corresponding ethical standards aimed respectively at guiding and regulating the conduct of this business.