I have a list of websites that I read as part of my morning ritual, just like everybody else. It helps fritter away the first few minutes of the day as I wait for my tea to cool to a drinkable temperature. Like most of the people who visit my little blog here, you probably also read Slashdot. The stories are usually interesting enough to hold my interest while waiting for the aforementioned tea. (Red, if you must know.) Today, however, a very rare treat was posted (for /. anyway): an extremely interesting and informative comment thread regarding Security Ethics, an important topic that isn’t discussed very often outside of vulnerability disclosure. Considering just how valuable Security people and IT workers in general are to a company (despite what your boss might think), it is important to maintain a high level of ethical behavior while at the same time remaining gainfully employed, especially when all too often those two tasks seem diametrically opposed. This balancing act has forced me to change employment more than once. The discussion thread on Slashdot provides some interesting horror stories, sage advice, and amusing anecdotes about what really goes on during those SOX, SAS-70, 404, etc. audits that the big companies (and governments) are so fond of.