You’ve probably read a lot about state-sponsored APT attacks, ransomware, bug-bounty programs, disclosure of zero-day vulnerabilities and exploits, even what color hat a hacker wears (figuratively). I could go on and on with the attention-grabbing topics, but I think I’ve made my point.
One thing we don’t often talk about, however, is what is and is not ethical. Subscribers to the Kaspersky Transatlantic Cable podcast may remember David and me chatting with Ivan Kwiatkowski on the topic a few weeks ago. Well, Ivan and I have been discussing ethics in cybersecurity quite a bit over the past few months, and we decided to dig in more deeply.
Our guests included my usual cohost David Buxton as well as Aseel Kayal and Runa Sandvik — make sure to follow them on Twitter. We were lucky enough to spend nearly 2 hours in conversation, discussing a wide range of topics including:
- Competitive collaboration,
- Disclosure,
- The roles of government and private companies in user security,
- Attribution,
- Whether threat intelligence helps adversaries,
- Governments hoarding zero-day information.
That’s just a taste — there’s loads more to pique the interest of anyone working within the space.