(董事会)对网络犯罪公约声明反对意见

:马库斯Ranum,非功能性需求的代表编辑部,与网络犯罪公约声明表达了反对意见。我在这里发帖马库斯的担忧的记录。这并不影响对当前活动获得支持的声明中,我们已经决定,这不是一个“官方”编辑委员会的活动。因为他的一些问题涉及充分披露的有争议的问题,我鼓励任何潜在的反应这封邮件来照顾,以避免被这个问题“脱轨”。可能有比编辑部的邮件列表对于那些论坛的讨论。语句的问题是使用以下文本:#系统管理员,研究人员,顾问和公司所有#定期开发、使用和共享软件旨在锻炼知道#和疑似漏洞。学术机构使用这些#工具来教育学生,在研发改良#防御。我们的经验表明,这是不可能的#结合可靠区分软件用于计算机犯罪和#用于合法目的。事实上,他们常常#相同。和下面是马库斯的响应,提取各种电子邮件讨论和批准他:>声明,起草,相反我认为>立法事件的不可避免的和正确的发展关于>黑客/渗透测试工具。 > >While it is difficult to reliably distinguish between attack tools and >security tools, I believe there are standards of reasonableness that >can, and _must_ be applied. Too many attack tools are being developed >and deployed, under the guise of "helping" and "education" - I believe >that in the long run it is not helpful and is in fact detrimental. >For example, nmap, by its very design, is intended to defeat certain >forms of security. Therefore it is not a purely legitimate tool. Some >may argue that it may still be useful to white hats. That may be true >- but there are plenty of cases where legitimate tools that may be >abused are restricted and regulated. I don't have a problem with that >in this case. Others have expressed concerns that if it appears that the Board as a whole supports this treaty statement, that it may conflict with the organizational opinions of some parent organizations of Board members. Marcus effectively agrees with this: >I am opposed to participating (and, by extension, NFR >participating...) in any action that indicates support for further >dissemenation, usage, teaching about, or otherwise condoning the use >of hacking tools and techniques. - Steve