The ethics of employing ex-hackers

November 7, 2010

Kurt Wismer, who writes the anti-virus rants blog, has made an interesting point in a comment on my post Panda’s Urban Myths: should the security industry employ ex-hackers? He says:

the anti-malware community has historically been far, far less ethically ‘flexible’ than the broader security community…

…because those companies weren’t started by a bunch of people with questionable pasts, they’ve had the option of crucifying any competitor in the court of public opinion for ethical breaches such as hiring the fox to guard the hen house.

I do not disagree with Kurt one iota – I think it a very perceptive view of the AV industry. But I want to ask a question that arises: can ethics be flexible?

Well, for our purpose, let’s define ‘ethics’ as moral values and rules. Clearly, there are no absolute ‘moral values and rules’. If there were, we would need neither law nor courts, just the Book of Ethics. But if moral values are not absolute, they must be subjective and relative. This means that each person may have his or her own ethical values. So while I may disagree with your ethics, I could never prove that mine are superior – just different.

However, moral values are so important to the smooth running of society that I think it is incumbent upon all of us to fight for and uphold those values in which we believe. So I find myself coming down firmly on the side of the less ethically flexible anti-malware community. And basically for just one reason: we must never reward bad behaviour. It simply encourages more bad behaviour, and encourages other children to copy and escalate that bad behaviour. Ask any parent.

