|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: v 5.3 (dcl)
merging changes Also incorporated Jim's point by removing reference to whether the tool is commercial, freeware, or both - makes for tighter writing. Made last line of that paragraph more specific - "that software" was ambiguous. This version supercedes my previous post. After attempting to write a reformatter in perl, to heck with the formatting. We can fix it when we're done. All these different mail readers screw with things too much. > very minor changes in [] - one striking out "next > generation", since even older security professionals need > education, and another adding the word 'authorized' in the > next to last paragraph for emphasis. > > -----Original Message----- > From: Stuart Staniford [mailto:stuart@SILICONDEFENSE.COM] > Sent: Wednesday, May 10, 2000 3:27 PM > To: cve-editorial-board-list@lists.mitre.org > Subject: v 5.2 (from Stuart) Reformatted > > > Ugh - here it is after resetting Netscape's word wrap wider > > > Andre's last is great. This is my best experience ever of > collaborative > writing. > > Here's another version with very minor wordsmithing to remove a couple > of grammatical infelicities. Only substantial changes are: > > * add "and open-source" after "commercial" in re software. Dear <treaty drafters>: As experts, educators, and practitioners of information security, we wish to register our concerns about the Council of Europe draft treaty on Crime in Cyberspace. Portions of the proposed treaty may result in criminalizing techniques and software commonly used to make computer systems resistant to attack. Signatory states passing legislation to implement the treaty endanger the security of their computer systems. Professionals will not be able to adequately protect computer systems, and education of information protection specialists will be hindered. Critical to the protection of computer systems and infrastructure is the ability to test software for vulnerabilities, verify the presence of vulnerabilities in existing systems, and exchange vulnerability information. Professionals and companies routinely develop, use, and share software designed to exploit vulnerabilities. Various tools for system administrators and security experts include software that exploits vulnerabilities. Academic institutions use software designed to exploit vulnerabilities to educate students and in research to develop and improve defenses. Our experience suggests that it is impossible to reliably distinguish software used in computer crime from that used for legitimate purposes. Article 6 of the treaty is vague regarding the use, distribution, or possession of software that could be used to violate the security of computer systems. Legislation that criminalizes exploit software use would adversely impact security practitioners, researchers, and educators. Article 6 would throttle important progress in computer security research and engineering. We agree that breaking into computer systems is wrong and are strongly in favor of criminalizing inappropriate behavior. Our goal is for the treaty and resulting legislation to permit the development and application of good security measures. We urge the Council to avoid criminalizing the development, authorized use, and distribution of software important to those of us working to prevent misuse. We request that the treaty drafters specifically recognize legitimate computer security activities and permit the creation and public dissemination of software and techniques used to study and verify computer security vulnerabilities. Moreover, we urge that appropriate laws criminalizing software misuse replace the ownership or creation clauses of the treaty. Signed, <name> <affiliation> "Organizational affiliations are listed for identification purposes only, and do not necessarily reflect the official opinion of the affiliated organization."
|
||||
