再保险:网络犯罪公约

“Steven m . Christey”写道:>还没有发送任何反对我,我把这个问题>几个董事会成员,我认为可能有问题(一个是>看着它,其他没有回应)。可能使>通用语句如“这个项目太模糊,这是为什么”>可以通过贡献的成员同意,和良性足够>等待的可能不介意。这里有一些快速文本,我想,我似乎没有踏板的脚趾到目前为止所提出反对意见。亲爱的<公约起草者>我们签名者<多数,,. .>of the board of the Common Vulnerabilities and Exposures project. This project is a collaborative project by a range of responsible computer security companies and experts to develop a common industry-wide set of names for the many different vulnerabilities known in computer systems [1]. As such, we represent a cross-section of the technical community which works on computer security vulnerabilities.  has recently come to our attention, and we have some concerns about it, specifically Article 6. We note that it is critically important for computer security professionals to be able to test software looking for new vulnerabilitities, determine the presence of known vulnerabilities in existing systems, and exchange information about such vulnerabilities with each other. Therefore, most professionals and companies in this field routinely develop, use, and share scripts and programs designed to exploit vulnerabilities. It is technically very difficult or impossible to distinguish the tools used for this purpose from the tools used by computer criminals to commit unauthorized break-ins. We are concerned that Article 6 may prevent, or at least chill, such responsible development and use of exploit tools. We ask that the treaty be reworded such that this is clearly allowed. If, instead, the treaty is used to ban any use of exploit tools, we fear that this will be very counter-productive. Since computer criminals are currently largely beyond the reach of effective law enforcement, they will not be much impacted by new laws banning their tools. However, since legitimate companies and professionals will follow any laws that are put in place as a result of this treaty, our ability to do our jobs will be severely compromised. If we can be of further help in drafting appropriate language, please contact us via .  [1]  -- Stuart Staniford --- President --- Silicon Defense stuart@silicondefense.com (707) 445-4355 (707) 445-4222 (FAX)