Saturday, December 03, 2005

Ethics

As discussed earlier today, I had an ethical question at work. I want to turn this one over to you, for your votes.

The defect I found allows the malicious user to change the price of an item in a shopping cart from the amount the seller wants it to be, to the amount the buyer wants. Quite a nice trick. The issue is this: if I give a simple "do exactly this" description and anything on the page changes, then it is not duplicable; however, if I give a "do generally this to figure out exactly what you need to do" description, then it is always duplicable. The problem is how public this information is now. Basically, anyone internal to our company has access to it (50), anyone internal to the development company now has access to it (let's assume 50), and anyone internal to the client company (500) now has access to it. So that's, roughly, 600 people who have access to this information who, were it not for my actions, might not have.

Additionally, the development team is in a country that is not known for its scruples, so, basically, what have I done?

The question now becomes:
Should I have given the first (albeit less useful) description, or should I have given the second description? And, am I now ethically responsible for anyone who uses the information I gave them maliciously?

3 Comments:

Blogger Laziest Girl said...

I don't really understand the question - can you translate it from geek to English?

December 05, 2005 2:34 pm  
Blogger granola girl said...

Uh, sure. I guess it boils down to this:

Basically, I told a whole bunch of people how to hack into a shopping cart and change the price from $50 to $.01. If they do this in the real world am I ethically responsible for their behaviour, because I taught them how to do it?

December 06, 2005 7:23 am  
Blogger Laziest Girl said...

I don't think so, but I have a notoriously under-developed conscience. Unless you are actually standing over them with a gun threatening their lives unless they change the price, I don't think you are responsible. I would say that it's up to them if they want to utilise the information in an unethical manner.

December 06, 2005 6:22 pm  
