再保险:第二网络犯罪条约草案声明

我喜欢戴夫·曼的最后草案。我支持这个过程史蒂夫概述如下。我熟悉Spaf协调,因为他做了这种事情在过去。但我认为这很重要,这是明确表示,这封信是许多CVE董事会人员的共同努力,而不是Spaf的倡议。我不太确定什么是实际过程收集签名/代言。大概这是协调人定义。斯图尔特。“Steven m . Christey”写道:> >我同意大卫·勒布朗和清单,我们应该提出>最终稿,然后问人签字。我不清楚,>对不起……> >这是我所看到的行动计划,有一些重叠>不同的物品:> > 1)董事会成员参与完成并同意声明> > 2)每个参与董事会成员与他们的组织>看看组织本身是否能支持它> > 3)参与董事会成员支持这项协议,作为个人>或组织范围的认可> > 4)确定一个协调员外联工作> > 5)每个参与董事会成员执行自己的推广>自己的联系人,并与协调,维护>代言的“主列表”。 > > 6) If any serious, near-unanimous concerns are expressed with the > statement, *consider* making modifications. > > Below are some of my editing comments on the draft. Dave Mann, are > you coordinating your later drafts with Adam Shostack? Who is the > "official holder" of the draft at this point? > > Spaf suggested moving away from referring to ourselves as "experts" > and instead using "professionals" or related terms. I agree with > this, and another Board member suggested a similar modification in a > private email. > > I agree with David LeBlanc that we shouldn't specifically mention > "young security enthusiasts who behave unethically" - but on the other > hand, it's the free exchange of information that helps talented but > inexperienced people to learn and make contributions of their own. > (For example, how many high-quality posters to *Bugtraq with unknown > hat colors have been snapped up by security companies?) So I think we > need to address this *somehow*, because some "young enthusiasts" with > white hats may not be recognized as professionals. > > I suggest that we not mention funding at all. > > I also agree with others that we shouldn't mention Stackguard. > > - Steve -- Stuart Staniford --- President --- Silicon Defense stuart@silicondefense.com (707) 445-4355 (707) 445-4222 (FAX)