The SAGE list seems like a good guideline, but there's not enough coverage
of the ethics of what goes on on the technical end of things. Using an
example from somewhere I worked in the past, my boss was rather proud that
one of the sys admins had launched counter-attacks on people who had
attempted to break into the system. I would consider something like that an
ethical dilemma at best, an ethical violation at worst - that's really not
the sort of thing a sys admin should be doing with their employer's
resources. As another example, I was the sys admin at a small ISP. The
accountant knew a separated married couple who both had accounts with us.
The wife called and asked that an email she had sent to her soon-to-be ex be
deleted before he could read it. The accountant asked me to comply; I flat
out refused because that would violate the husband's privacy. I haven't run
into this (yet), but I could imagine a scenario where a sys admin would
install backdoors for him/herself in the event he/she is terminated, or
exploit known weaknesses in the system, or make a copy of the hashed
password file for off-site cracking. Those sort of activities, if
discovered, should be the sort of thing that leads to revocation of
professional certification.
I'll also offer this as an example. I run a film review site
(www.dvdverdict.com). Several years ago, one of my staff members was caught
plagiarizing a review. The evidence was plain as day, and he confessed to
doing it. He (and I) happened to be part of a film critics society. After I
terminated the staff member, I presented them with the evidence. They did
nothing; they wanted to see a pattern of behavior, and one obvious act of
plagiarism wasn't enough for them. I wound up resigning; I didn't want to be
part of a group that didn't hold its members to a high enough standard.
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, September 07, 2005 06:00
Subject: [BSDCert] code of ethics
Two questions for the list:
1. Do you guys think there is any value to employers if testing candidates
are required to adhere to a "code of ethics"? Would it help deal with the
misperception that Open Source is not well structured? Or is it just so
much fluff?
2. If there were to be a "BSD Administrator's Code of Ethics", what should
be in it?
Here are some other organization's codes of ethics to get us started:
CISSP: https://www.isc2.org/cgi-bin/content.cgi?category=12
SAGE: http://www.sage.org/ethics.mm
ACM: http://www.acm.org/constitution/code.html
IEEE:
http://www.ieee.org/portal/site/mainsite/menuitem.818c0c39e85ef176fb2275875bac26c8/index.jsp?&pName=corp_level1&path=about/whatis&file=code.xml&xsl=generic.xsl;jsessionid=DpgDH6m8VnJX1JpL85DpZNpm3cMklCvtGJW32vJfx2RvkhFwp3v1!-1349364154
And a general guide to writing a code of ethics:
http://www.ethicsweb.ca/codes/
Dru
_______________________________________________
BSDCert mailing list
[email protected]
http://lists.nycbug.org/mailman/listinfo/bsdcert
_______________________________________________
BSDCert mailing list
[email protected]
http://lists.nycbug.org/mailman/listinfo/bsdcert
