ZERO DAYS, ONE OBLIGATION
Loading...
Authors
Akil, Anthony
Subjects
zero-day vulnerabilities
vulnerability and equities policy and process
utilitarianism
moral obligation
USG policy
vulnerability and equities policy and process
utilitarianism
moral obligation
USG policy
Advisors
Huntley, Wade L.
Date of Issue
2018-06
Date
Publisher
Monterey, CA; Naval Postgraduate School
Language
Abstract
This thesis set out to apply the moral principle of utilitarianism to the policy problem associated with zero-day vulnerabilities. These vulnerabilities can be understood as errors in coding that are potentially exploitable and unknown to either the creators or users of the software. If attack vectors related to zero-day vulnerabilities are completely dependent upon correctable coding errors, what should policy require when the U.S. government detects a zero-day vulnerability? Should it be disclosed publicly so it can be patched or restrict knowledge of it so it can be weaponized? This thesis applied revisionist John Stuart Mill’s unique and nuanced description of utilitarianism to the Vulnerabilities and Equities Policy and Process (VEP) to evaluate what aspects of the policy fulfilled Mill’s moral code and what areas could be improved. The improvement recommendation is made on strictly moral terms. This thesis acknowledges while moral policy has undeniable benefits, there are times where the moral can come at the expense of the strategic, and national interests can be compromised. Ultimately, much like the VEP, this thesis recommends balance.
Type
Thesis
Description
Series/Report No
Department
Information Sciences (IS)
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.