CP373: Ethics and Professional Practice Qutaiba Albluwi – Winter 2022
A6: Cybersecurity Ethical Issues
If you attended both sessions type the following sentence in the white box:
“I certify that I attended both sessions of Module 6”
If you attended only one session type the following sentence:
“I certify that I attended one session of Module 6, which was on <day>”
If you were absent in both sessions, then you cannot submit this report.
I certify that I attended both sessions of Module 6
Notes:
- You need to fully complete this sheet, even if you have missed one session.
Part I: Zero day vulnerability
[1] What are zero-day vulnerabilities?
Zero-day vulnerabilities are newly found vulnerabilities in which hackers use a hole in a
computer system to launch a cyberattack. Any virus detection software would miss this
because it only looks for known programs.
[2] List two points that you learnt (or found interesting) from the short documentary
screened in class.
1) Market for holding many individuals’ security hostage
2) Governments trading for zero-day attacks information
[3] If someone discovers a zero-day vulnerability, in your opinion what is the most ethical
decision to make (report, not report, sell, etc.)?
If someone discovered a zero-day vulnerability, I'd make a judgement on whether to
report based on the impact of the zero-day vulnerability. If it's from a higher scale, I'd
report it, but if it's something minor, I wouldn't.
[4] There are several markets that operate today for selling and buying “zero-day”
vulnerabilities. List one advantage and one disadvantage for such markets.
- Advantage: may allow systems to be safer after trading occurs and the issue is
notified to the right people
- Disadvantage: a person can do whatever they want with the information
purchased, and there would be nothing we can do about it