This discussion has been archived.
No new comments can be posted.
What Should We Do About Security Ethics? More
Login
What Should We Do About Security Ethics?
Comments Filter:
All
Insightful
Informative
Interesting
Funny
What Should We Do About Security Ethics?
(Score:5, Funny)
by doti (966971) writes:
Ignore it?
There are very few ethical companies.
(Score:5, Insightful)
by EmbeddedJanitor (597831) writes:
Most are only limited by what the law allows. Although a company might speak of ethics, don't expect them to actually practice it.
And why bother about security ethics when there are much more important ethical considerations like how they treat staff? Again, most companies screw most of their staff to the limit of the law.
In short: If you're looking for ethics you got off on the wrong planet.
Re:
(Score:4, Interesting)
by TheLinuxSRC (683475) * writes:
Most are only limited by what the law allows. Although a company might speak of ethics, don't expect them to actually practice it.
I agree with these two statements 100%, however...
And why bother about security ethics when there are much more important ethical considerations like how they treat staff? Again, most companies screw most of their staff to the limit of the law.
Treatment of staff is a strawman. It has no bearing on whether security is an issue. I was employed in a medical software company th
Re:There are very few ethical companies.
(Score:5, Interesting)
by Anonymous Coward writes:
on Tuesday April 15, 2008 @09:39PM (#23085458)
Don't even get me started. I work at a company which makes document imaging software and our customers send us all kinds of crap that honestly, scares the shit out of me. Not to mention information specifically protected by law. Most of the time, I get the sense that the sender didn't even remotely think about it. All they know is "this is not viewing/printing how it should" and so off they send it, as an attachment on unencrypted email.
So now I am put in the position of -- do I actually work on the client's problem? Or do I immediately destroy the information and tell them they are a dumbass? You know what the reality is? The highly sensitive document gets printed out, sometimes hundreds of times (as I tweak things during the debugging process), and I try to shred everything but when there's hundreds of copies, I'm sure I've missed one. If I was unscrupulous I could have made several million dollars off the information I see on a daily basis and I'm not exaggerating. Millions. Honestly it pisses me off.
Parent Share
twitter
facebook
linkedin
Re:There are very few ethical companies.
(Score:5, Interesting)
by Anonymous Coward writes:
on Tuesday April 15, 2008 @11:28PM (#23086112)
I remember in my days consulting, I got sent a DB to look at. This DB held all the personal information for everyone who was worth over $X. The DB contained SSN's, spouse's name, spouse's SSN, etc. As soon as I saw this DB, I asked where the NDA for it was. When I was told there was no NDA sent over, I felt sorry for everyone who's information was in there.
What Should We Do About Security Ethics? (Score:5, Funny)
There are very few ethical companies. (Score:5, Insightful)
And why bother about security ethics when there are much more important ethical considerations like how they treat staff? Again, most companies screw most of their staff to the limit of the law.
In short: If you're looking for ethics you got off on the wrong planet.
Re: (Score:4, Interesting)
I agree with these two statements 100%, however...
And why bother about security ethics when there are much more important ethical considerations like how they treat staff? Again, most companies screw most of their staff to the limit of the law.
Treatment of staff is a strawman. It has no bearing on whether security is an issue. I was employed in a medical software company th
Re:There are very few ethical companies. (Score:5, Interesting)
Don't even get me started. I work at a company which makes document imaging software and our customers send us all kinds of crap that honestly, scares the shit out of me. Not to mention information specifically protected by law. Most of the time, I get the sense that the sender didn't even remotely think about it. All they know is "this is not viewing/printing how it should" and so off they send it, as an attachment on unencrypted email.
So now I am put in the position of -- do I actually work on the client's problem? Or do I immediately destroy the information and tell them they are a dumbass? You know what the reality is? The highly sensitive document gets printed out, sometimes hundreds of times (as I tweak things during the debugging process), and I try to shred everything but when there's hundreds of copies, I'm sure I've missed one. If I was unscrupulous I could have made several million dollars off the information I see on a daily basis and I'm not exaggerating. Millions. Honestly it pisses me off.
Re:There are very few ethical companies. (Score:5, Interesting)
I remember in my days consulting, I got sent a DB to look at. This DB held all the personal information for everyone who was worth over $X. The DB contained SSN's, spouse's name, spouse's SSN, etc. As soon as I saw this DB, I asked where the NDA for it was. When I was told there was no NDA sent over, I felt sorry for everyone who's information was in there.
Re: (