[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Corporate Information Security Accountability Act of 2003

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] Corporate Information Security Accountability Act of 2003
From: Peter van den Heuvel <peter@bank-connect.com>
Date: Tue, 04 Nov 2003 11:25:15 +0100

And who's going to enforce this? Something to consider, this could mean
that you could face criminal charges if you stated that your network was
secure and an independent audit team belonging to the DOJ proved
otherwise - that'd land a lot of execs in jail (including Gates).  Want
to get your CEO put in jail?  Just open up that telnet port.

LOL. And more, who would do the audit? I've seen _far_ more audit reports that aren't worth shit than reports that come close to being reasonable. Maybe it would make better sense to require such companies to publisize their security incidents; enable the shareholders to draw their own conclusions. Not that it would change anything of course; MicroSoft security status being not particularly secret.

http://www.computerworld.com/securitytopics/security/story/0,10801,86455,00.html?nas=PM-86455


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Corporate Information Security Accountability Act of 2003
  - From: Paul Tinsley <pdt@jackhammer.org>
- Re: [Full-Disclosure] Corporate Information Security Accountability Act of 2003
  - From: "Jonathan A. Zdziarski" <jonathan@nuclearelephant.com>

Prev by Date: [Full-Disclosure] IE obvject vuln
Next by Date: Re: [Full-Disclosure] Gates: 'You don't need perfect code' for good security
Previous by thread: Re: [Full-Disclosure] Corporate Information Security Accountability Act of 2003
Next by thread: [Full-Disclosure] SRT2003-11-02-0115 - NIPrint LPD-LPR Remote overflow
Index(es):
- Date
- Thread