Ethical questions for security experts

Alex Stamos's Defcon 21 presentation “The White Hat’s Dilemma” is a compelling and fascinating look at the ethical issues associated with information security work in the era of mass surveillance, cyberwar, and high-tech extortion and crime.

It gets especially interesting when it delves into hypotheticals for security experts, like:

You find a critical remote exploit in a very widespread product. Do you:

A) Publicly announce the flaw immediately

B) Build a whole Black Hat talk around it

C) Perform responsible disclosure with deadlines

D) Use it to sell “consulting” to the vendor

E) Weaponize and sell directly to your government

F) Weaponize and sell to a trader

G) Use it yourself for fun and/or profit

The White Hat’s Dilemma (via O'Reilly Radar)