Saturday, June 13, 2009

How is your security research being used?

I've removed this blog entry, because since I first posted it, I now feel that the post is naive. The summary of the rant was that concerns about social justice should be considered in addition to typical legal and nationalistic concerns, especially when it comes to offensive security research. But the devil is in the details, and the more I researched the topic the murkier the waters got. Suffice it to say that I will carefully consider where any work that I do ends up - I do not want it to be used to facilitate cybercrime (such as public exploits ending in exploit kits that then rob Grandma of her credit card) nor do I want my work to go towards organizations that I consider to be unethical and immoral, even if selected authorities within such organizations would have us look the other way at their historical and ongoing abuses of power. People who get their technical jollies regardless of the consequences of how their work is used should be informed by a larger sense of ethics and responsibility to the world. Yes, rainbows and unicorns and world peace and an end to world hunger and greed and all that. I'm not holding my breath, however I know where my own moral compass is.