Full Disclosure mailing list archives

RE: Re: Your One-Stop Site For Sony Lawsuit Info


From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 22 Nov 2005 14:04:52 -0600

Not just SOX. HIPAA and GLB will do the same thing. HIPAA will hold an individual practitioner liable for security failures, if the corp had an acceptable plan but the implementation either never took place or was done shoddily. If the plan isn't in place, then the admins are liable - personally liable.

--On Tuesday, November 22, 2005 12:20:33 -0700 Christopher Carpenter <ccarpenter () dswa net> wrote:

Hi Jason, Paul:

While Jason's point may _currently_ be valid in reference to
programmers, legislation like Sarbanes-Oxley is reiterating individual
accountability for auditors and executives.  We may see a trickle-down
effect to lower level management and/or project managers if other
corporations infringe on personal liberties or "pull a Sony."

Chris

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Jason Coombs
Sent: Tuesday, November 22, 2005 12:13 PM
To: Paul Schmehl
Cc: intertwingled () qwest net; bugtraq () securityfocus com;
full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Re: Your One-Stop Site For Sony Lawsuit Info

Paul Schmehl wrote:
So, all those corporate execs walked out of the court house in handcuffs
weren't really going to jail?

There's a huge difference between a financial crime committed by an
individual and a crime committed by a corporation.

Let me know if the distinction confuses you and we'll discuss this more
privately. You are aware that not every action of a person employed by a
corporation is considered an action of the individual, right?

No individual programmer who writes spyware will ever be prosecuted for
doing his or her job on behalf of a corporation. No exec who instructs
said programmer to author said spyware will ever have personal criminal
liability for giving said instruction.

If you don't like the world you live in, change it or get out.

Regards,

Jason Coombs
jasonc () science org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/