Interesting blog post from Steve Lipner: The Security Development Lifecycle : The Ethics of Perfection. He says in conclusion:
What does all this have to do with ethics? Well, I think that given the choice between shipping perfectly secure software (whatever that means) that no customers will use and shipping software with continuously improved security that will actually help customers, the better ethical path is to ship. That’s a controversial view in some circles, but it’s the view I’ve reached after working in the field for the last 35 years or so.