

All,

Here is another draft. Note that I have basically taken an axe to it in order to shorten it. Following Spaf's sage advice, I made the statements as short and concise as possible (is that redundant?).

Other points...

1) One of the major issues is the notion of full disclosure and public dissemination of exploit code. In this version, I tried to bring out the merits of this notion without getting entangled in the controversial white hat/black hat issue.

2) Following LeBlanc's suggestion, I removed things not directly related to the main thesis.

3) I condensed several paragraphs in the middle of the draft. Hopefully this reduces the repetition of essentially the same points and shortens the piece while remaining more accurate.

4) I used shorter paragraphs and added some paragraphs.

***********************************************************

Dear

We are a group of security experts who participate in the Common Vulnerabilities and Exposures Initiative. This project is a collaboration between a broad range of responsible computer security experts and companies to develop a common industry-wide set of names for the many different vulnerabilities known in computer systems. As such, we represent a cross-section of the technical community which works on computer security vulnerabilities.

As security experts, we have some technical concerns with respect to Article 6, which appears to be vague with respect to the use, distribution, or possession of software that could be used to violate the security of computer systems.

We note that it is critically important to the advancement of science and engineering techniques for computer security professionals to be able to test software looking for new vulnerabilities, determine the presence of known vulnerabilities in existing systems, and exchange information about such vulnerabilities with each other. Therefore, most professionals and companies in this field routinely develop, use, and share scripts and programs designed to exploit vulnerabilities. In addition, these exploits are often included in commercial tools used by systems administrators and security experts to test the security of their systems.

It is technically very difficult or impossible to distinguish the tools used for these legitimate and important purposes from the tools used by computer criminals to commit unauthorized break-ins.

Further, important tools and techniques are regularly published by previously unknown individuals or groups. To criminalize their research and educational activities would be to slow the important progress of computer security research.

We are concerned that Article 6 may prevent, impede, or criminalize such responsible development and use of exploit tools. This would have the unintended consequence of making computer systems LESS secure since it would stifle critical computer research, needlessly hamper the development of commercial security tools, and ultimately limit the ability of systems and security administrators to test and validate the security of their systems.

We ask that the treaty drafters specifically recognize the legitimate and important role that the creation and public dissemination of demonstration code plays in advancing the information security field. Moreover, we urge that appropriate laws criminalizing the misuse of such tools replace the ownership or creation clauses of the treaty.

Signed,

"Organizational affiliations are listed for identification purposes only, and do not necessarily reflect the official opinion of the affiliated organization."

--
==============================================================
Dave Mann               || e-mail: dmann@bos.bindview.com
Senior Security Analyst || phone: 508-485-7737 x254
BindView Corporation    || fax: 508-485-0737
