From: jasonc at science.org (Jason Coombs)
Subject: Fwd: NDA & SOX?

Aditya Deshmukh wrote:
>>You've signed an NDA.
>>
>>What do you do?
>
>Reveal all the info anonymously?

Revealing all of the confidential information would be unethical.

Confidences must be protected, and secrets must be kept. And not out of fear of civil liability or personal bankruptcy, but because honor and integrity are essential ingredients in a healthy society.

The greater good is always served when individuals are free to decide for themselves, free from duress, what the right thing to do is in their unique situation.

Doing nothing would be immoral, and could place you in the position of being an accomplice to violations of SOX through your inactions.

SOX includes whistleblower protections, and a judge or jury ultimately has the power to affirm or reject the correctness of your actions or inactions in real-world situations.

Taking action may result in civil liability for your mistakes. Taking no action may result in criminal liability and the greater harm to all. Which is the more substantial risk? Which is more likely to be the correct decision? It is easy to see that all good men must assume civil liability in order to prevent criminal acts.

One of the key elements of the answer to the original poster's question is the necessity for the individual to decide which risk is the better risk for them to take according to their own beliefs and circumstances.

We have legislation like SOX for the express reason that our peers and our government wish each of us to take more seriously our role in complex white collar financial crimes.

SOX helps to tip the scales in favor of full disclosure. Its very existence should cause people who are wrestling with the conflict of having civil obligations and liabilities under contract, versus their equally-important ethical and moral obligations to help create the greater good for all, resolve this conflict in favor of taking action rather than taking no action.

Legislators and courts can, and will, provide greater clarification for us on these very questions in the future.

For now, the rule is to do what you believe is right, and get advice from legal counsel but don't forget that they are just making an educated guess about how a jury or a judge will respond, or interpret the law. Your attorney is not you, and it is not their decision to make in the end.

Sincerely,

Jason Coombs
jasonc@...ence.org
