Is it ethical to sell information about fixing a security hole?

by Joe118
10 replies
I'm asking whether it's ethical to sell, as opposed to giving it away for free, information about security threats and how to fix them. The specific issue I have in mind is a currently active threat to WP blogs and the fix for same. There's a WSO about this running, and this puts me in a bind -- should I put the info out here and hurt that author's WSO, or should I keep silent and not tell people about their blogs being at risk and how to fix?

Discuss, please?
#ethical #fixing #hole #information #security #sell
  • Profile picture of the author Sergiu FUNIERU
    Let me ask you this: if I'm a company that produces antiviruses, do I sell them or do I offer them free? I don't know ANY company that offers a GOOD antivirus completely free.
    {{ DiscussionBoard.errors[1687295].message }}
    • Profile picture of the author Chris Worner
      Originally Posted by Sergiu FUNIERU View Post

      Let me ask you this: if I'm a company that produces antiviruses, do I sell them or do I offer them free? I don't know ANY company that offers a GOOD antivirus completely free.
      AVG free kicks ass and has full security update support, so I beg to differ, although I did pay for the full internet security suite.

      Originally Posted by Joe118 View Post

      I'm asking whether it's ethical to sell, as opposed to giving it away for free, information about security threats and how to fix them. The specific issue I have in mind is a currently active threat to WP blogs and the fix for same. There's a WSO about this running, and this puts me in a bind -- should I put the info out here and hurt that author's WSO, or should I keep silent and not tell people about their blogs being at risk and how to fix?

      Discuss, please?
      I would give out the info free if somebody specifically asked for it. Do it via private PM if you are concerned about hurting this persons sales, besides it is only a matter of time before somebody else does.


      Chris
      Signature

      {{ DiscussionBoard.errors[1688143].message }}
    • Profile picture of the author Joe118
      Originally Posted by Sergiu FUNIERU View Post

      Let me ask you this: if I'm a company that produces antiviruses, do I sell them or do I offer them free? I don't know ANY company that offers a GOOD antivirus completely free.
      There's several really good free AV programs.

      All AV companies have websites where they describe current threats for free. Not the solution but at least the threats.

      And if I do make the knowledge widely available here, I'm hurting the WSO of a fellow warrior.

      So - what would you do? I'm including a pointer to the most serious security threats in wordpress, since it's public info:

      http://www.securiteam.com/products/W/Wordpress.html
      {{ DiscussionBoard.errors[1688291].message }}
  • Profile picture of the author Dennis Gaskill
    Joe - that's a real dilemma. It's easy to rationalize either option as the right thing to do.

    Is it becoming common knowledge? If it's common knowledge I'd say post it. If not, well...
    Signature

    Just when you think you've got it all figured out, someone changes the rules.

    {{ DiscussionBoard.errors[1687313].message }}
  • Profile picture of the author WD Mino
    I just tell people to use acunetix which covers any site or blog so wso or not help is help I see nothing wrong with helping people I may on the other hand see capitalizing on information that can be obtained for free as being unethical
    -WD
    Signature

    "As a man thinks in his heart so is he-Proverbs 23:7"

    {{ DiscussionBoard.errors[1687485].message }}
  • Profile picture of the author WillyCop
    If I were you, I would either sell or give them for free, the information that you know about fixing the security hole. Do you think that this information is a huge thing or not?

    Contact them and try to make some money if you'll come together.

    In other case I personaly would probably rather give them information for free than not telling it to nobody. But like I said... if you can arrange, try to make some money out of it =)
    {{ DiscussionBoard.errors[1687501].message }}
  • Profile picture of the author sbucciarel
    Banned
    Since there is already a WSO that you are aware of, what would you hope to gain by giving the info away? Did you buy the WSO? Just wondering how you know it's the same info. If you did buy it, it would be unethical to share it.
    {{ DiscussionBoard.errors[1687666].message }}
    • Profile picture of the author Bewley
      In the spirit of Open Source, in which how WP has evolved, developed and maintained, I would give it away for free.

      Adrian
      {{ DiscussionBoard.errors[1687695].message }}
  • Profile picture of the author Mark Blaze
    The real question here is if you should release this for free as there is another wso about the issue which may or may not include the same fix!

    In that case it really depends... free info that are included in wso's is given out both before, at the same time and after the wso! But i know what you mean.

    Take for example the gmail marketing product, soon after a wso was made which said the same thing's and the guy said he has been working on it before he knew about the other marketer releasing it!

    I would sell it or make sure people have to optin to get it and put it as a wso! That way you are not really damaging that guy's sales as they still have to do something to get it.

    Mark Blaze
    Signature
    Aweber BONUS! <- Email Marketing At It's Best!
    The Best Spinner BONUS!<- Article Spinning Made 110% Easier!
    Unique Article Wizard BONUS! <- 2000+ Backlinks + Traffic With Each Article!
    {{ DiscussionBoard.errors[1688171].message }}
  • Profile picture of the author Jim Gillum
    Have seen IM info being sold that is also available for free if a person looks for it....

    If I give my subscribers info for free that others are selling, is that bad?

    Let you conscience be your guide.......
    {{ DiscussionBoard.errors[1688175].message }}

Trending Topics