• Integrity without knowledge is weak and useless, and knowledge without integrity is dangerous and dreadful

    Samuel Johnson - Rasselas [The Astronomer]
  • Integrity is a guardian of vulnerability.

Home Ethics


Ver. 0.1.2, August 24th 2016


The Zeronomicon Code of Business Ethics — hereinafter referred as the Ethics Code — describes the ethical principles and standards as applied to the conduct of business at Zeronomicon.

The Ethics Code is publicly available and addressed to anyone with an interest in the Company's activities and the way it does business.

This document comprises six General Principles and the corresponding Ethical Standards.


This section discusses the aspirational goals aimed at guiding and inspiring the conduct of business at Zeronomicon. General Principles underpin the Zeronomicon Ethical Standards and, in contrast to them, do not represent obligations.

Principle A: Respect Human Rights — Clean Hands

Zeronomicon respects all human rights proclaimed by international human rights treaties, including The International Bill of Human Rights, and strives to ensure no complicity in any human rights abuses.

Principle B: Do Not Pose a Danger to Human Health

Zeronomicon champions the health of human beings and commits to do not enable its Customer entities with capabilities that may pose a direct danger to human health.

Principle C: Avoid Conflicts of Interest

Zeronomicon strives to benefit those with whom it does business and takes care to avoid possible conflicts of interest that could cause the Company, its Employees, or Contractors to pursue goals not in the interest of Zeronomicon business peers.

Principle D: Obey the Law

Zeronomicon complies with all applicable legal requirements and understands the major laws and regulations that apply to its business, including laws related to: trade controls, anti-bribery, competition, and insider trading.

Principle E: Preserve Confidentiality

Zeronomicon protects the confidentiality of the identity of entities it does business with and the the confidentiality of the information and intellectual properties received from, or provided to, its business peers in the fulfilment of its Service. At the same time, Zeronomicon recognizes that the extent and limits of confidentiality may be regulated by applicable laws and regulations.

Principle F: Doctrine of Double Effect

Zeronomicon acknowledges that the cybersecurity capabilities it provides may be used within goods that, just like any and all information security tools, are inherently dual purpose and potentially dual use, and therefore may serve also military purposes, police investigations and the like; the military use of the traded capabilities may have a double effect: the intended effect and the foreseen but genuinely unintended consequence. While discouraging against harmful side effects, Zeronomicon acknowledges the inherent duality of the effects resulting from the use of those capabilities and accepts to trade them, unless they are in conflict with other principles set forth in the present Ethics Code.


This section sets forth the enforceable rules for the conduct of business at Zeronomicon. The Ethical Standards are dynamic and subject to updating. Therefore the set of standards set forth below is not meant to exhaustive and no assumption should be made on the ethical soundness of conducts not specifically addressed by the current Ethical Standards.

Standard 1: Vetting and Monitoring of Customers

Zeronomicon does not engage in any business with entities known for abusing human rights and reserves the right to suspend or cease business operations with entities found to be involved at a later time in human rights abuses.

Standard 2: Inadmissible Capabilities

Zeronomicon does not engage in any trade of capabilities that exploit vulnerabilities in medical devices or in systems to which human life is entrusted, unless the Vendor of the affected device or system is the Acquiring Entity or the Acquiring Entity was authorised by the Vendor to be the recipient of the vulnerability disclosure process, vulnerability information, or risk mitigation strategy.

Standard 3: Trade Secrets

Zeronomicon never trades in stolen trade secrets, and requires its suppliers to certify that they have independently found the vulnerability and autonomously developed any related technology, and that they are not employees of the targeted software manufacturer, nor have they received access to the confidential information through a disclosure by the same.

Standard 4: Conflict of interests and overexploitation

Zeronomicon will protect the value of the traded capabilities and specifies the maximum number of entities to which the same capabilities may be sold, within a given time-frame (unless in case the capabilities are intended for risk prevention). Furthermore, Zeronomicon strives not to sell a vulnerability to one party, and the technology to defend against that vulnerability to another party which is a likely target of the first.

Standard 5: Unintended Use

Zeronomicon prohibits its Employees and Contractors to use the information or the capabilities, traded in the fulfilment of its Service, for the pursuit of personal goals. Authorised personnel shall use such capabilities only to test and validate them, and more generally only for research and development purposes.

Standard 6: Exporting

Zeronomicon complies with trade laws controlling where the Company can send products and services, strives to meet the criteria required to hold export licenses, where applicable, and stays alert to changes to the applicable export licensing systems.

Standard 7: Maintaining Confidentiality

At the extent and limits regulated by applicable laws and regulations, Zeronomicon preserves the confidentiality of the identity of entities it does business with. Zeronomicon restricts access to the information and the intellectual property received from or provided to its business partners on a need-to-know basis, enforcing a principle of least privilege.

Standard 8: Duality

Zeronomicon acknowledges that the provided cybersecurity capabilities can be used within goods that are inherently dual purpose and accept to supply them, as long as it is foreseeable that those capabilities will be used only for legitimate purposes in line with international standards for the respect of human rights, and unless their trade is in conflict with principles set out in the present Ethics Code.