[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Board] "Official" Information sharing

I don't want to start discussion here, but I think that this may be of
substantial interest to CVE members on several levels.  The gist of
the story is that certain types of information sharing with the
government would be exempted from FOIA.  The first interest is to
ensure that Mitre understand how this might affect information sharing
with its government partners and sponsors.  The second is to ensure
that nothing in the bill creates a special status for ISACs that would
damage the CVE effort.  The third is that I'm concerned that this
encourages a mindset of 'security information ought be kept to the
good-guys,' and I'm concerned about such things being enshrined in
laws.  I know that we have a spectrum of opinions on this issue, and
don't want to open the can of worms.  I'll accept one strongly worded
remand from Marcus, though. ;)

(If there is a desire for discussion, I'll remind people that we have
cve-banter@homeport.org as a private, unofficial discussion place.
majordomo@ to subscribe.)



> A leading cybersecurity lawmaker said Monday that he would introduce
> legislation to exempt from the Freedom of Information Act businesses
> that share information on computer intrusions with the government.
> Sen. Robert Bennett, R-Utah, said such a move is essential to help
> safeguard the Internet from hackers and cyber terrorists.
> The bill, which Bennett said he would introduce within the next 45
> days, would draw upon his experiences as chairman of the Senate's
> now-disbanded Y2K Committee in fighting threats to keep America's
> computer networks open. Bennett's remarks came as he delivered the
> opening keynote speech at the Electronic Industries Alliance's
> conference in Washington.

"It is seldom that liberty of any kind is lost all at once."

Page Last Updated or Reviewed: May 22, 2007