Abstract
The WannaCry ransomware attack that happened in May 2017 represented a turning point for the modern cybersecurity landscape and, at the same time, spawned many lines of ethical debate related to discovering, using, and disclosing software vulnerabilities. This paper discusses ethical lessons from the WannaCry attack; it explores what this might mean for the respective roles and responsibilities of governments, technology companies, and cybersecurity professionals in managing zero-day vulnerabilities. It contemplates the broader implications for society as a whole of such decisions, and tensions between interests of national security and those of global cybersecurity. Ethical frameworks guiding future cybersecurity practices are proposed in the conclusion