Caveman me: “Common ground good. Compromise bad.”

CJ - ass kicking comment, and yet, you quote country music at me!

That being said, there are times when public disclosure outside the bounds of responsible disclosure is necessary. If one is to go that route and is in the profession, they’d better have a pre-published exception process to their normal responsible disclosure. If they aren’t “in the biz” and making money from disclosure, then it doesn’t much matter what ethics they follow as arguing it is as productive as Chevy vs. Ford, or Tastes Great; Less Filling.

As my organization’s ISO, ethics drive everything I do. In a position of enacting sometimes controversial standards and controls around them, it is imperative that we eat our own dog food lest we fritter what little credibility we have away.

I’m one of the lucky few that aren’t beholden to any specific code as part of belonging to a particular credentialed society such as ISACA, (ISC)2, etc., and can ensure that my personal ethics, which I (of course) believe to be substantial, are employed in full force. Given my upbringing, those personal ethics are fairly black and white. Having that kind of clarity is vital when conveying objective risks to the business when you have to buck the trend of convenience and least cost.

To quote Toby Keith, “You may not like where I’m going, but you sure know where I stand”. Reasonable minds can disagree. If you are consistently ethical (whatever that means to you) and don’t compromise, you can speak from a position of authority when challenged.

I got 8900