再保险:网络犯罪公约

我强烈支持董事会做出这样的声明如果横切感到政治上能够这样做。没有可行的方法来区分利用代码用于合法的扫描、测试和研究,用于犯罪。禁止工具将影响远比地下经营者合法的安全专家,因为我们有义务遵守法律,他们不是。如果人们不能创建和分配利用,不会有很多明确,公开已知的漏洞CVE参照索引。斯图尔特。亚当Shostack写道:> >(这是联合自己的来信,斯科特·布莱克)> >我们想提请董事会关注的新提议的条约>这可能使我们实际上更困难的工作。> >的犯罪化提出了网络犯罪公约显然包括利用代码。这是类似于《千禧年数字版权法》>,我们不得不竭力控制安全legitamate研究。> >想象困难将是验证一个漏洞的存在>在Windows开发的代码。现在,有明显问题>脚本kiddy需要以某种方式解决。 But its not > clear to me that criminalizing research is the right way. We'll draw a > parallel to the Bernstien and Junger decisions, in which 2 appeals > courts have found source code to be protected speech. > > At Netect/Bindview, we create and distributed exploit code to show new > vulnerabilities. That code has never been widely distributed, but > would have violated the proposed treaty. Getting an international > treaty revised will be very difficult, and that will result in a chill > that will make it more difficult to do security research. Given the > poor state of the field today, we would strongly urge that we not chill > research into how to improve security. > > So, we'd like first to draw your attention to this, since we think its a > mistake. Then, (with Steve's permission), we'd like to get the view of > the other board members on this issue, and ask if we can produce a > joint statement deploring the unethical use of exploit code, but > drawing attention to its many legitamate uses for information sharing. > > Adam & Scott > > Adam Shostack, adam@homeport.org > Scott Blake, blake@bindview.com > > Excerpts fromhttp://wired.com/万博下载包news/politics/0, 1283、36047、00. html> > >建议,预计将于2000年12月结束> >,似乎是第一个计算机犯罪条约,将:> > > *犯罪创造,网站上下载,或发布任何> >计算机程序“设计或改编”主要是为了获得> >进入未经许可的计算机系统。> > - - >“很少,任何形式的自由失去了。”>-Hume -- Stuart Staniford --- President --- Silicon Defense stuart@silicondefense.com (707) 445-4355 (707) 445-4222 (FAX)