Security News > 2021 > April > Ethics isn't a county east of London, but it's the only way to look at security
The trouble with good ideas is that, taken together, they can be very bad. It's a good idea to worry about supply chain malware injection - ask SolarWinds - and a good idea to come up with ways to stop it.
It's even a good idea to look at major open-source software projects, such as the Linux kernel, with their very open supply chain, and ask - is this particularly vulnerable? After all, a poisoned Linux kernel would be bad enough to make people forget SolarWinds.
Guess what? If you have all of those good ideas and decide to test the Linux kernel supply chain by poisoning it: you have had a bad idea.
All these people, Minnesota ethics review board, are humans.
It's not as if you can't find an ethical way of testing supply chain security, or teaching people about not clicking on links, or comprehensively destroying the very heart of an industry based, in the end, on love - no, scratch that last one.
The rest of us, the people who make the decisions that affect others and who, in our turn, are affected, must recognise that respect for humanity in IT isn't a burden, it's a way to work better.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/04/26/column_security_ethics/