Internet - Ethics of Publicizing Security Vulnerabilities :: Free Essays Online

The Ethics of Publicizing Security Vulnerabilities Abstract In 1988, Robert T. Morris Jr. outpouringd the Internet sophisticate Virus, which essentially shut down the correct internet for a day. Morris wrote the virus using known vulnerabilities in the UNIX operating system. When these vulnerabilities are discovered, should they be publicized or kept secret to prevent only attacks? These issues relate closely to the concepts of open source versus proprietary software development. In 1988, Robert T. Morris Jr., a Cornell graduate student, released a computer virus. The goal of this virus was to propagate itself across the Internet and to infect as many machines as possible in as little time as possible. The Internet Worm, as it came to be known, was truly successful it infected millions upon millions of machines and essentially shut down the entire Internet for roughly twenty four hours. As a result of his creation and release of the Internet Worm, Robert Morris spent years in courts and paid significant amounts of money in lawyer and court fees, but never went to prison for his actions. The Internet Worm case brings up an extremely important issue that increases in importance each year as the world becomes increasingly networked via the internet and through opposite means should people have access to information close to vulnerabilities in computer systems, or should these vulnerabilities remain secret? At the time that Robert Morris wrote the Internet Worm, there were known vulnerabilities in the UNIX Operating Systems Finger command, and in the Sendmail Daemon, the program responsible for transmitting electronic mail from one machine to another. Anyone who had some amount of expertise in the UNIX Operating System knew of these weaknesses, yet no one had made an attempt to fix the problem. Robert Morris apparently viewed this situation as a matter that demand attention, which many people speculate as his reason for creating the Internet Worm. His ingenious virus used these vulnerabilities to attack systems and to propagate itself across the internet. One fact is unimpeachably known. This is the fact that the Internet Worm gave many thousands of computer experts a strong reason to fix these vulnerabilities. It is necessary to realize one important fact about the internet worm virus it was not totally malicious. That is, Morris did not write the virus so that it would try to do any damage to the hardware or software of the machines it infected.