Question
Security researchers often use conference platforms such as DefCon and RSA to announce newly discovered security tools or vulnerabilities. Often these are controversial and invite careful ethical reflection on the harms and benefits of such disclosures, and the competing interests involved.
Here are two examples to compare and consider from an ethical standpoint:
A. At DefCon 2016, security researcher Anthony Rose presented the results of his testing of the security of products in the emerging market for Bluetooth-enabled door locks. He found that of 16 brands of locks he purchased, 12 had profoundly deficient security, including open transmission of plain-text passwords, the ability to easily change admin passwords and physically lock out users, and vulnerability to replay attacks and spoofing. Some of the locks could be remotely opened by an attacker a half-mile away.
Of the manufacturers Rose contacted, only one responded to his findings. Another shut down its website, but continued to sell its product on Amazon.
B. At DefCon 2017, two members of Salesforce's "Red Team" of offensive security experts were scheduled to present (under their Twitter handles rather than their professional names) details of their newly developed security tool Meatpistol. Meatpistol is an automated 'malware implant' tool designed to aid security red teams in creating malware they can use to attack their own systems. This in turn should allow them to better learn their own systems' vulnerabilities and design more effective countermeasures.
Meatpistol functioned more or less as any malware tool does, able not only to generate code to infect systems, but to steal data from them, as well. However, the tool reduced the time needed to create new forms of malware from days to mere seconds!
The two members of Salesforce's offensive security team planned to make Meatpistol's code public after the event, with the view that, as an open-source tool, it would allow the community of security researchers to improve upon it further. However, as with any malware tool, making it open source would have inevitably invited bad hackers to use it for malicious purposes.
Just prior to the event, an executive at Salesforce instructed the team not to release Meatpistol's code, and shortly thereafter, instructed them to cancel the previously approved presentation altogether. Disobeying this "order", the team presented anyway, after which they were summarily fired by Salesforce! Meatpistol's code was not released.
https://www.engadget.com/2016/08/10/researcher-finds-huge-security-flaws-in-bluetooth-locks/
Assignment PART 1: (35%)
Consider the two cases above. For each case (A, B) separately, complete the following charts. Use ethics from everywhere, not just the ACM. Use bullet points.
| Case A | Individual's Perspective (Anthony Rose, Buyers of the Door Locks) | Organization's Perspective (Manufacturers of the Locks) | Society's Perspective |
| | About 250 words | About 250 words | About 250 words |

| Case B | Individual's Perspective (Red Team Members, Security Professionals at Conference) | Organization's Perspective (Salesforce) | Society's Perspective |
| | About 250 words | About 250 words | About 250 words |
Note: Bullet points should be used. Content and ideas are what is important. Can use a separate sheet if desired.