RE: 5——网络犯罪公约草案声明

你好戴夫,见鬼!我刚刚完成修改v4,现在我重新实现v5。太好了,因为马特懂我和我最初提出的改善。中的一些重大修改v5.1总结:——删除本文档第一段打开任何安全专业,因为我们国家我们是谁在随后的段落。——删除和某些传递短语和俗语的收缩,以及相关的短语,可以运行一体的没有生产过度这样的长句。:-)——一致性在使用“软件”的程序,工具,利用代码;同样适用于“技术”指的是方法,程序,等等。——修复拼写错误。你可以感谢比尔先生的处理器。总之,统计从458年到360年,这个词就其价值而言。 :-) Andre Frech | afrech@iss.net | 678-443-6241 Internet Security Systems, Inc. --- v5.1 follows --- Dear : As experts, educators, and practitioners of information security, we wish to register our concerns about the Council of Europe draft treaty on Crime in Cyberspace. Portions of the proposed treaty may result in criminalizing techniques and software commonly used to make computer systems resistant to attack. Signatory states passing legislation to implement the treaty endanger the security of their computer systems. Professionals will not be able to adequately protect computer systems, and education of the next generation of information protection specialists will be hindered. Critical to the protection of computer systems and infrastructure is the ability to test software for vulnerabilities, verify the presence of vulnerabilities in existing systems, and exchange vulnerability information. Professionals and companies routinely develop, use, and share software designed to exploit vulnerabilities. Commercial software for system administrators and security experts include software that exploits vulnerabilities. Academic institutions use this software to educate students and in research to develop and improve defenses. Our experience supports that it is impossible to reliably distinguish between software used in computer crime and legitimate purposes. Article 6 of the treaty is vague regarding the use, distribution, or possession of software that could be used to violate the security of computer systems. Legislation that criminalizes software use would adversely impact security practitioners, researchers, and educators. Article 6 would throttle important progress in computer security research. We agree that breaking into computer systems is wrong and are strongly in favor of criminalizing inappropriate behavior. Our goal is for the treaty and resulting legislation to permit the development and application of good security measures. We urge the Council to avoid criminalizing the development, use, and distribution of software important to commerce, academia, and government professionals working to prevent misuse. We request that the treaty drafters specifically recognize legitimate computer security activities and permit the creation and public dissemination of software and techniques used to study and verify computer security vulnerabilities. Moreover, we urge that appropriate laws criminalizing software misuse replace the ownership or creation clauses of the treaty. Signed,   "Organizational affiliations are listed for identification purposes only, and do not necessarily reflect the official opinion of the affiliated organization." > -----Original Message----- > From: Dave Mann [mailto: dmann@BINDVIEW.COM]>发送:星期三,2000年5月10日下午4:41 >:cve-editorial-board-list@lists.mitre.org >主题:5——网络犯罪公约草案声明> > >下面是第五版和最后一个,我今天可以处理。> >这个版本是由马特主教。大多只是>作家缩短和澄清几点。> >国际海事组织,我认为站进一步缩短,但我今天没有>时间投入。> >可能其他人也继续将版本号>编辑,这样我们可以跟踪更改?> >谢谢!Dave > > > - - > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >戴夫·曼| |电子邮件:dmann@bos.bindview.com >高级安全分析师| |电话:508-485-7737 x254 > BindView公司| |传真:508-485-0737 > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = > > > >亲爱的<公约起草者> > >我们是一群的安全专家参与共同>漏洞和风险敞口倡议。这个项目是一个>之间的合作范围广泛的计算机安全负责>专家和公司开发一套共同的行业>的名称不同的漏洞在计算机>系统。因此,我们代表的截面技术>社区工作计算机安全漏洞。> >专家、教育工作者和从业人员的信息安全,我们希望注册我们的担忧欧洲委员会草案>条约犯罪在网络空间。 Portions of the proposed treaty > may result in criminializing practices and tools commonly used in > making computer systems resistant to attack. If signatory states > pass legislation to implement the treaty, they will endanger the > security of their computer systems because professionals > will not be able to protect those systems adequately. They will > also hinder the education of the next generation of information > protection specialists. > > Critical to the protection of computer systems and infrastructure > is the ability to test software for new vulnerabilitities, determine > the presence of known vulnerabilities in existing systems, and > exchange information about such vulnerabilities. Professionals > and companies routinely develop, use, and share tools designed to > exploit vulnerabilities. Commercial tools for system administrators > and security experts include these exploit tools. Academic > institutions > use these tools and techniques to educate students and in research to > develop new and better defenses. > > Our experience convinces us that impossible to reliably distinguish > between tools used in computer crime and instances of tools used > for the legitimate purposes described above. > > Article 6 of the treat is vague with respect to issues of use, > distribution, or possession of software that could be used to > violate the security of computer systems. Enabling legislation > that criminalized tools or their uses would affect practitioners, > researchers, and teachers, and would slow the important progress > of computer security research. > > We agree that breaking into computer systems is wrong. But, we do > not want the treaty, and the resulting legislation, to impede > the development and application of good security measures. We are > strongly in favor of criminalizing inappropriate behavior, but we > urge the Council to avoid criminalizing the development, use, and > distribution of tools that are important to professionals -- in > commerce, academia, and government -- who are working to prevent > misuse. > > We ask that the treaty drafters specifically recognize the legitimate > and important role that the creation and public dissemination of > demonstration code plays in advancing the information security > field. Moreover, we urge that appropriate laws criminalizing the > misuse of such tools replace the ownership or creation clauses of > the treaty. > > Signed, > >   > > > "Organizational affiliations are listed for > identification purposes only, and do not necessarily reflect the > official opinion of the affiliated organization." >