再保险:网络犯罪公约

看来可以在草案文本http://www.politechbot.com/docs/treaty.html。文本在第六条禁止”设备,包括计算机程序、设计或调整(具体)[主要](特别是)为目的的任何肇事建立依照第二条“定义非法访问。>(史蒂夫的许可),我们想要其他>董事会成员的观点在这个问题上,并问如果我们能生产联合>声明谴责不道德的使用开发代码,但画>注意它的许多legitamate用途信息共享。我认为这是合理的在本论坛讨论这个问题,因为它显然适用于信息共享和可能对CVE产生影响。例如,有时我们需要确定两个错误都是一致的。当错误类似,看相关的利用能回答这个问题。这个可以确定最终CVE多少条目。提出了一些CVE候选人没有很多技术细节。我相信,斯科特和迈克普罗塞已经投票反对或者至少审查候选人由于缺乏信息,即使在这种情况下,供应商已确认一个顾问的问题。我还没有命名的内容决定解决这个问题:-)但是一些下面的样品。 Adam and Scott, are you asking the Editorial Board to make a statement as an entity, or are you asking individuals to join with you? I believe that some Board members may disagree (either in their own position or their company's), so it may be difficult to get consensus on a statement from the entire Board. >Imagine how hard it will be to verify the existance of a vulnerability >in Windows without exploit code. Now, there are clearly problems with >script kiddies that need to be addressed in some way. I've seen some remote buffer overflow exploits that assume that a small program has already been created on the target machine, which could conceivably allow admins to test their own systems, and researchers to analyze the nature of the vulnerability, without giving script kiddies a free shell. The question is, would this sort of "exploit" be prohibited under Articles 6 and 2? - Steve