Zero Days, One Obligation

Abstract

This thesis set out to apply the moral principle of utilitarianism to the policy problem associated with zero-day vulnerabilities. These vulnerabilities can be understood as errors in coding that are potentially exploitable and unknown to either the creators or users of the software. If attack vectors related to zero-day vulnerabilities are completely dependent upon correctable coding errors, what should policy require when the U.S. government detects a zero-day vulnerability? Should it be disclosed publicly so it can be patched or restrict knowledge of it so it can be weaponized? This thesis applied revisionist John Stuart Mills unique and nuanced description of utilitarianism to the Vulnerabilities and Equities Policy and Process (VEP) to evaluate what aspects of the policy fulfilled Mills moral code and what areas could be improved. The improvement recommendation is made on strictly moral terms. This thesis acknowledges while moral policy has undeniable benefits, there are times where the moral can come at the expense of the strategic, and national interests can be compromised. Ultimately, much like the VEP, this thesis recommends balance.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2019
Accession Number
AD1073579

Entities

People

  • Anthony Akil

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Civil Rights
  • Commerce
  • Congress
  • Cybersecurity
  • Cyberspace Operations
  • Department Of State
  • Governments
  • Information Systems
  • Intellectual Property
  • Intelligence Community (United States)
  • International Law
  • International Relations
  • Law
  • National Politics
  • National Security
  • Online Communications
  • United States Government

Readers

  • Military History of the United States in the 20th Century.
  • Strategic Security Studies
  • Systems Analysis and Design