Open Source and information security mailing list archives
From: jonathan at (Jonathan A. Zdziarski)
Subject: Corporate Information Security Accountability Act of 2003


If Symantec has it their way, they will want to make it illegal to
distribute any information on vulnerabilities, diagnostic tools, and
exploit code...leaving companies like them in a position where they will
be necessary to the correct operation of a publicly traded company, and
nobody to audit the auditors (for QA, back doors, etc.)

Take it one step further and these companies could easily operate under
a shroud of information secrecy enabling them to generate their own new
exploits "in the wild" as a means of increasing revenue, keeping
corporations in fear of violating securities law by not having a weekly
audit for $100,000.

I guess I must be paranoid.

On Tue, 2003-11-04 at 15:25, Chris Sharp wrote:
> I'd bet my ass that ISS/Foundstone/Qualys is behind
> this somewhere. Most security companies' bottom line
> would benefit from this, but the people building the
> automated scanning tools can suddenly market
> themselves as objective security auditing tools. These
> expensive pieces of software suddenly become standards
> against which your security is measured. 
