RE: 5——网络犯罪公约草案声明

这是好看。————从原始信息:戴夫·曼(mailto: dmann@BINDVIEW.COM]发送:星期三,2000年5月10日下午2:41:cve-editorial-board-list@lists.mitre.org主题:5——网络犯罪公约草案声明,下面是第五版本和最后我今天可以处理。这个版本是由马特主教。仅是作家缩短并澄清几点。国际海事组织,我认为站进一步缩短,但是我今天没有时间投入。可能其他人也继续把版本号放在他们的编辑,这样我们可以跟踪更改吗?谢谢!戴夫- = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =戴夫·曼| |电子邮件:dmann@bos.bindview.com高级安全分析师| |电话:508-485-7737 x254 BindView公司| |传真:508-485-0737 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =亲爱的<公约起草者>我们是一群的安全专家参与共同弱点和风险敞口倡议。这个项目是一个合作广泛的计算机安全专家和负责公司开发一套共同的行业名称的许多不同的漏洞在计算机系统。因此,我们代表的工作计算机安全漏洞的技术社区。专家、教育者和从业人员的信息安全,我们希望注册我们的担忧欧洲理事会的条约草案犯罪在网络空间。 Portions of the proposed treaty may result in criminializing practices and tools commonly used in making computer systems resistant to attack. If signatory states pass legislation to implement the treaty, they will endanger the security of their computer systems because professionals will not be able to protect those systems adequately. They will also hinder the education of the next generation of information protection specialists. Critical to the protection of computer systems and infrastructure is the ability to test software for new vulnerabilitities, determine the presence of known vulnerabilities in existing systems, and exchange information about such vulnerabilities. Professionals and companies routinely develop, use, and share tools designed to exploit vulnerabilities. Commercial tools for system administrators and security experts include these exploit tools. Academic institutions use these tools and techniques to educate students and in research to develop new and better defenses. Our experience convinces us that impossible to reliably distinguish between tools used in computer crime and instances of tools used for the legitimate purposes described above. Article 6 of the treat is vague with respect to issues of use, distribution, or possession of software that could be used to violate the security of computer systems. Enabling legislation that criminalized tools or their uses would affect practitioners, researchers, and teachers, and would slow the important progress of computer security research. We agree that breaking into computer systems is wrong. But, we do not want the treaty, and the resulting legislation, to impede the development and application of good security measures. We are strongly in favor of criminalizing inappropriate behavior, but we urge the Council to avoid criminalizing the development, use, and distribution of tools that are important to professionals -- in commerce, academia, and government -- who are working to prevent misuse. We ask that the treaty drafters specifically recognize the legitimate and important role that the creation and public dissemination of demonstration code plays in advancing the information security field. Moreover, we urge that appropriate laws criminalizing the misuse of such tools replace the ownership or creation clauses of the treaty. Signed,   "Organizational affiliations are listed for identification purposes only, and do not necessarily reflect the official opinion of the affiliated organization."