WebApp Sec: Re: Sanctum Patent Thread

Re: Sanctum Patent Thread

From: Jimi Thompson <jimit_at_myrealbox.com>
Date: Sun, 18 Jan 2004 22:52:02 -0600

.Saphyr wrote:

>Hi there,
>
>>And how would this notifying work? These issues are important to web
>>developers. It should be discussed in here (imho)
>>
>>
>We could for example simply add a keyword into the subject, like "LEGAL".
>People who consider only technical questions should be threaded in this list
>would then be able to easily filter them.
>
>Imho, I consider this list's main topic as being a "professional and amateur web
>applications security discussion list". As my current professional activity is
>entirely related to web application security, I am consequently as much interested
>in technical topics as legal ones. I can't barely imagine an IT security related
>list on which no legal issues can be discussed....
>
>
>My 0.2 cents, .antoine
>
>
>
Short Version - I would suggest there is more than enough fodder to keep
a separate "legal" mailing list going.

Long Version - I would support a "legal" list so that discussions like
the one that started this could be moved to another venue. I'd also
like to see some legal beagles get involved on the list and get educated
about the technical issues. Creating a list to exchange information
between the legal community and the "techies" cannot possibly be a bad
thing.

There is a coming convergence of the two fields and neither one is as
aware of the other as they should be. Our Congress is getting involved
in technical issues (i.e. the spam legislation) that its members simply
don't understand. As a result they pass laws whose ramifications they
don't have a clue about. I had a rather extensive conversation with my
congress person about the DMCA and she ended up not voting for it. Our
legislators aren't stupid, they are just not educated about
technology. This could be our chance to enlighten some future judge or
elected representative.

We need more coordination between legislation and technical practice in
order to deal with many of the issues that security professionals face
on a daily basis. For example, my current employer is subject to HIPAA,
FERPA, GLB, and most any other piece of federal legislation dealing with
data security. In the wake of Enron/Tyco/All the other crooks, even
more legislation is likely.

In addition, many of the states are passing laws dealing with personal
data integrity & privacy and coupling them with "long arm" statutes.
They are saying that their laws apply when doing business with their
residents. I'm waiting for this to go to the Supreme Court since one
state is passing laws that are going to attempt to apply to residents of
another state.

2 cents (maybe more like a nickel :))

Jimi

>
>------------oOoo---Ôô----ooOo---------------------------
>Antonio FONTES (well, me, actually)
>http://www.nxtg.net/saphyr/index.php?fil=17
>E-mail: myfirstname.mylastname_at_myhomepagedomain.net
>-------------------------------------------------------------
>
Received on Jan 20 2004
