ZERO DAYS, ONE OBLIGATION
Huntley, Wade L.
Tully, David M.
MetadataShow full item record
This thesis set out to apply the moral principle of utilitarianism to the policy problem associated with zero-day vulnerabilities. These vulnerabilities can be understood as errors in coding that are potentially exploitable and unknown to either the creators or users of the software. If attack vectors related to zero-day vulnerabilities are completely dependent upon correctable coding errors, what should policy require when the U.S. government detects a zero-day vulnerability? Should it be disclosed publicly so it can be patched or restrict knowledge of it so it can be weaponized? This thesis applied revisionist John Stuart Mill’s unique and nuanced description of utilitarianism to the Vulnerabilities and Equities Policy and Process (VEP) to evaluate what aspects of the policy fulfilled Mill’s moral code and what areas could be improved. The improvement recommendation is made on strictly moral terms. This thesis acknowledges while moral policy has undeniable benefits, there are times where the moral can come at the expense of the strategic, and national interests can be compromised. Ultimately, much like the VEP, this thesis recommends balance.
Approved for public release. distribution is unlimited
Showing items related by title, author, creator and subject.
Bensing, Richard G. (Monterey, California. Naval Postgraduate School, 2009-09);Growing asymmetric threats, such as international terrorism, have replaced the hostile nation-state as the adversary of choice. As embodied by the September 11 attacks, the United States now faces enemies that seek to ...
Shaffer, Alan B. (2008);Unauthorized information flows can result from malicious software exploiting covert channels and overt flaws in access control design. To address this problem, we present a precise, formal definition for information ...
Weir, Kellie J. (Monterey, California: Naval Postgraduate School, 2018-03);This thesis examines whether implementing a national voter registration list and a biometric identity verification program can prevent or mitigate voter fraud in an effort to protect the right to vote for U.S. citizens and ...