RE: v 5.4 - from Dave Mann
We could just not distinguish, and let the disclaimer apply to everyone. In my case, I could get Howard Schmidt to weigh in - he's about as high up the operational security food chain as you can get here at MS.

> -----Original Message-----
> From: Andy Balinsky [mailto:balinsky@CISCO.COM]
> Sent: Thursday, May 11, 2000 9:53 AM
> To: cve-editorial-board-list@lists.mitre.org
> Cc: Kevin J. Ziese
> Subject: Re: v 5.4 - from Dave Mann
>
> I agree with all the statements about quality over quantity of treaty
> signers. Inclusion of a public forum which includes individuals of
> potentially questionable hat color detracts from the statement.
>
> That said, I'd like to comment about the statement at the end regarding
> affiliations. How do we disclaim those who wish NOT to speak for their
> organizations, but still note people who are speaking FOR their entire
> organization. For e.g., if Kevin and I speak for ourselves, and David
> speaks for the entire Microsoft hegemony, (or vice versa, since Cisco is a
> Fortune 4 company, too) how do we indicate that, without having to put Steve
> Ballmer, CEO as the signatory.
>
> Kevin Ziese and I propose the following
>
> Two signatory columns, one for individuals, one for organizations. If you
> and your org agree, you can show up in both columns. This has several
> advantages:
> 1) It allows people to sign on independent of their org's approval.
> 2) It allows us to demonstrate approval from official bodies (like companies
> and universities)
> 3) It allows a company who won't give approval to be conspicuously absent
> from the organization column, even though Joe Scientist, working for that
> company has signed the letter in the other column.
>
> Andy
>
> ----- Original Message -----
> From: "Dave Mann" <dmann@BINDVIEW.COM>
> To: <cve-editorial-board-list@lists.mitre.org>
> Sent: Thursday, May 11, 2000 10:14 AM
> Subject: v 5.4 - from Dave Mann
>
> > Tinkering with Spaf's last version.
> >
> > Changes include:
> > * Word count driven down to 368 (I tried to retain meaning)
> >   - In particular, note the hack job I did on paragraphs 2 and 5
> > * Attempted to strengthen some a few passages
> >   - Replaced "register our opinions" with "register our misgivings"
> >     in lead sentence
> >   - Replaced "computer users... may not be able to adequately protect"
> >     with "computer users... will not be able to adequately protect"
> >     in second paragraph
> > * Added (undue?) influence of marketing "add speak" by
> >   - shortening/breaking apart sentences and paragraphs
> >   - adding bullets to add emphasis
> >
> > I am super impressed with all of the work that took place
> > since I left work last night. In my (not so) humble opinion, I
> > think this is looking really, really good and I would consider
> > it very close to final. My only suggestion at improving it would
> > be to drive the word count down further.
> >
> > 'best,
> >
> > Dave
> >
> > --
> > ==============================================================
> > Dave Mann                || e-mail: dmann@bos.bindview.com
> > Senior Security Analyst  || phone: 508-485-7737 x254
> > BindView Corporation     || fax: 508-485-0737
> > ==============================================================
> >
> >
> > Greetings:
> >
> > As leading security practitioners, educators, vendors, and users of
> > information security, we wish to register our misgivings about the
> > Council of Europe draft treaty on Crime in Cyberspace.
> >
> > We are concerned that portions of the proposed treaty may result in
> > criminalizing techniques and software commonly used to make computer
> > systems resistant to attack. Signatory states passing legislation to
> > implement the treaty may endanger the security of their computer
> > systems since computer users in those countries will not be able to
> > adequately protect their computer systems and the education of
> > information protection specialists may be hindered.
> >
> > Critical to the protection of computer systems and infrastructure is
> > the ability to
> > * Test software for weaknesses
> > * Verify the presence of defects in computer systems
> > * Exchange vulnerability information
> >
> > System administrators, researchers, consultants and companies all
> > routinely develop, use, and share software designed to exercise known
> > and suspected vulnerabilities. Academic institutions use these
> > tools to educate students and in research to develop improved
> > defenses. Our combined experience suggests that it is impossible
> > to reliably distinguish software used in computer crime from that
> > used for these legitimate purposes. In fact, they are often
> > identical.
> >
> > Currently, article 6 of the draft treaty is vague regarding the use,
> > distribution, and possession of software that could be used to
> > violate the security of computer systems. We agree that damaging or
> > breaking into computer systems is wrong and we unequivocally support
> > laws against such inappropriate behavior. We affirm that a goal of the
> > treaty and resulting legislation should be to permit the development
> > and application of good security measures. However, legislation that
> > criminalizes security software development, distribution and use
> > is counter to that goal, since it would adversely impact security
> > practitioners, researchers, and educators.
> >
> > Therefore, we respectfully request that the treaty drafters remove
> > section a.1 from article 6, and modify section b accordingly; the
> > articles on computer intrusion and damage (viz., articles 1-5) are
> > already sufficient to proscribe any improper use of security-related
> > software or information.
> >
> > Please do not hesitate to call on us for technical advice in your
> > future deliberations.
> >
> > Signed,
> >
> > <name>
> > <title>
> > <affiliation>
> >
> >
> > "Organizational affiliations are listed for identification purposes
> > only, and do not necessarily reflect the official opinion of the
> > affiliated organization."