
The ethics of zero-day exploits: the NSA meets the trolley car

Published: 17 December 2020

Abstract

Are U.S. government employees behaving ethically when they stockpile software vulnerabilities?


Published In

Communications of the ACM  Volume 64, Issue 1
January 2021
115 pages
ISSN:0001-0782
EISSN:1557-7317
DOI:10.1145/3444848

Publisher

Association for Computing Machinery

New York, NY, United States


Qualifiers

  • Review-article
  • Popular
  • Refereed
