Slashdot Mirror


What Should We Do About Security Ethics?

An anonymous reader writes "I am a senior security xxx in a Fortune 300 company and I am very frustrated at what I see. I see our customers turn a blind eye to blatant security issues, in the name of the application or business requirements. I see our own senior officers reduce the risk ratings of internal findings, and even strong-arm 3rd party auditors/testers to reduce their risk ratings on the threat of losing our business. It's truly sad that the fear of losing our jobs and the necessity of supporting our families comes first before the security of highly confidential information. All so executives can look good and make their bonuses? How should people start blowing the whistle on companies like this?"

2 of 244 comments

  1. make a false save by circletimessquare · Score: 0, Troll

    unknown intruders penetrated xxx, because of security failure yyy you have always complained about, and the only reason you just happened to catch it is because you implemented zzz as an afterthought

    the catch of course, is that you are also the intruder, and the whole exercise was to deliver a lesson: things are too lackadaisical

    that you look like a hero is just gravy

    and if you think it is too risky to fake the intrusion, i guess you aren't up to the high standards you hold others by, huh?

    put your money where your mouth is, or swallow your anxiety

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  2. Re:Gee, I dunno by johannesg · Score: 0, Troll

    Be very careful who you tell. Dude... It's on the frontpage of slashdot...