
RE: Third shortened draft of cybercrime treaty statement



I have been a silent observer in the discussion so far, but now I must speak up (OK, Steve, you can move me to another category now ;)) to say that I am very much *for* such a statement. I particularly like the more concise message. It focuses on one simple message and is short and to the point. I also support this statement.

I think the last sentence, "Moreover, we urge that appropriate laws criminalizing the misuse of such tools replace the ownership or creation clauses of the treaty", may be a bit unclear. How about strengthening it to say that these clauses should be dropped from the treaty, and that instead appropriate laws ...?

- db

> -----Original Message-----
> From: Dave Mann [mailto:dmann@BINDVIEW.COM]
> Sent: Wednesday, May 10, 2000 49
> To: cve-editorial-board-list@lists.mitre.org
> Subject: Third shortened draft of cybercrime treaty statement
>
> Here is another cut at the draft.
>
> Note that I basically took an axe to it in order to shorten it.
> I am following Spaf's sage advice to make the statement as short
> and concise as possible (redundant?).
>
> Other points...
>
> 1) One of the main concerns is the notion of full disclosure and
> the public dissemination of exploit code. In this version, I tried
> to capture the virtue of this notion without getting entangled in
> the controversy of the white hat/black hat issue.
>
> 2) Following LeBlanc's suggestion, I removed things that were not
> directly part of the main thesis.
>
> 3) I condensed several paragraphs in the middle of the draft.
> Hopefully this reduces the off-putting repetition of essentially
> the same points and shortens the piece while keeping it accurate.
>
> 4) I went with shorter paragraphs, and added some paragraphs.
>
> ***********************************************************
>
> Dear
>
> We are a group of security experts who participate in the Common
> Vulnerabilities and Exposures Initiative. This project is a
> collaboration between a broad range of responsible computer security
> experts and companies to develop a common industry wide set of names
> for the many different vulnerabilities known in computer systems.
> As such, we represent a cross-section of the technical community
> which works on computer security vulnerabilities.
>
> As security experts, we have some technical concerns with respect to
> Article 6, which appears to be vague with respect to the use,
> distribution, or possession of software that could be used to violate
> the security of computer systems.
>
> We note that it is critically important to the advancement of science
> and engineering techniques for computer security professionals to be
> able to test software looking for new vulnerabilities, determine
> the presence of known vulnerabilities in existing systems, and
> exchange information about such vulnerabilities with each other.
> Therefore, most professionals and companies in this field routinely
> develop, use, and share scripts and programs designed to exploit
> vulnerabilities. In addition, these exploits are often included in
> commercial tools used by systems administrators and security experts
> to test the security of their systems.
>
> It is technically very difficult or impossible to distinguish the
> tools used for these legitimate and important purposes from the tools
> used by computer criminals to commit unauthorized break-ins. Further,
> important tools and techniques are regularly published by previously
> unknown individuals or groups. To criminalize their research and
> educational activities would be to slow the important progress of
> computer security research.
>
> We are concerned that Article 6 may prevent, impede, or criminalize
> such responsible development and use of exploit tools. This would
> have the unintended consequence of making computer systems LESS
> secure since it would stifle critical computer research, needlessly
> hamper the development of commercial security tools, and ultimately
> limit the ability of systems and security administrators to test and
> validate the security of their systems.
>
> We ask that the treaty drafters specifically recognize the legitimate
> and important role that the creation and public dissemination of
> demonstration code plays in advancing the information security field.
> Moreover, we urge that appropriate laws criminalizing the misuse of
> such tools replace the ownership or creation clauses of the treaty.
>
> Signed,
>
> "Organizational affiliations are listed for identification purposes
> only, and do not necessarily reflect the official opinion of the
> affiliated organization."
>
> --
> ==============================================================
> Dave Mann                || e-mail: dmann@bos.bindview.com
> Senior Security Analyst  || phone: 508-485-7737 x254
> BindView Corporation     || fax: 508-485-0737

Page last updated or reviewed: May 22, 2007