In your copious spare time during your senior year at this university, you develop an application that allows its users to check their credit ratings hassle-free. The application quickly takes off, and after graduating (and you WILL graduate – unlike other billionaire CEOs who couldn’t be bothered to earn their degree) you find investors to expand the company to an online credit reporting company which you name Credit Where It’s Due. You are the CEO, and have hired several dozen employees to expand the business. The first year is so successful that in your first 18 months your business has taken over about 45% of the credit reporting business, and is working to gain a larger share. Soon after, you are approached by one of your developers whom you have tasked to make some tweaks to the online application.
After looking through the code and making the changes, your employee noticed that there is a security hole in the software. It doesn’t appear that the vulnerability has been exploited yet, but you are told it is only a matter of time. (The employee learned about this vulnerability a few weeks earlier when attending a computer security conference.) Because of this vulnerability, hackers could potentially download credit card information, bank account numbers, social security numbers, and other information that they can use to steal billions of dollars from unknowing consumers. An unfortunate aspect of this vulnerability is that there is no quick patch that can be applied to the software. It will need to be rewritten from scratch, a process that could take over 9 months.
You realize that if the database program is taken offline (to protect the consumer information), it would be the death-knell for your company. It would go out of business before the replacement program could be written. If you decide to keep the program up and running, there is a chance that the vulnerability can be repaired before the original program is exploited.
However, if a hacker breaks into the system before it is fixed, there will be great damage to consumers, and it will likely bring the end of your company since you will be blamed by the public at large for not shutting down the application when there was a chance to protect consumer information.
Come up with an answer to how would you handle this situation with 300+ words. Will you take the system offline or try to fix the problem before the flaw is exploited? What are the factors on which you are basing your decision?
You can make some assumptions to come to your decision, but be sure to state them, and explain why they matter to your final decision. Are you comfortable with your final decision?
Once you have made your decision, pick one of the five main ethical theories (not principles from the SECEPP – although you may wish to refer to them for Part I) discussed during previous weeks and apply it to your decision.
The five theories you can choose from are: Deontology (or Kantianism), Act Utilitarianism, Rule Utilitarianism, Social Contract Theory, and Virtue Ethics. How does the chosen theory apply to this situation? Is your decision ethical?
Write a posting that describes the thought process you went through to make your decision, and also your analysis of your decision using the chosen ethical theory.
Your posting may be read by others who disagree with you, so make sure you make the strongest arguments you can, and your best analysis of the ethical theory.