Ethics in Cybersecurity


Do you think the vulnerability(ies) exploited by the APT28 an ethical failure by the defender? Why or why not?


For the APT28, were there identifiable harms to privacy or property? How are these harms linked to C-I-A?  



For the APT287, when the targeted organization identified the breach, was the disclosure made with transparency? Do you feel the organization acted ethically? Why or why not?