There are no ethics between two diametrically opposed vendors, he argued. “Imagine if a company found that their product was used to bypass Microsoft Defender, a common defensive tool,” he said. “Is there an ethical obligation to immediately warn Microsoft? Or, is it the responsibility of Microsoft to monitor the environment, identify failures of its own tool, reverse engineer WHY the failure took place, and then alter Defender to compensate for the new attack? Clearly, Microsoft has always assumed the responsibility of looking after its own tool, and making it effective at its job.
“In the same way, Elastic is not responsible to go to Shellter to tell Shellter how their tool is being used, or how they can detect it,” he wrote.
“Shellter has not made its case,” Beggs maintained. “There is no ‘ethical violation’. Elastic did a great job of finding the ‘enemy’ and should enjoy the reward of reporting this to the world. Shellter has tried to take the high moral road, apologizing to its customers for ‘the inconvenience this may have caused’. What inconvenience? Someone else misused a product that does not impact any other customer in any way.
