Message-ID: <200508181231.04971.requiem@praetor.org>
Date: Thu Aug 18 20:31:15 2005
From: requiem at praetor.org (Jeremy Bishop)
Subject: Re: MS not telling enough - ethics

On Thursday 18 August 2005 11:31, DAN MORRILL wrote:

> community at large. So whose ethics do we apply, if I was to follow
> the CISSP code of ethics, in that consorting with non-professionals,
> would mean that I could not teach information security in college
> (which I do), nor could I teach what I know to developers or
> programmers or others who are not information security professionals
> (which I do) to help them develop better products. One of the reasons
> why I don't have a CISSP is because of that clause in the code of
> ethics, I would violate it right and left every time I got in front of
> a classroom.

Read over the Code again.  The only mandatory parts are the four canons, 
and it is stated later that the canons are not equal (similar to the 
Three Laws of robotics).  It also states: Compliance with the guidance 
is neither necessary nor sufficient for ethical conduct.

Given the Code as currently presented on the isc2.org site, I see 
nothing 'unethical' about teaching others.  In fact, to treat the 
non-consort clause as banning the activities you mentioned above would 
ignore the precedence rules given for the canons, and could be 
considered, in some small way, as going against the first and second 
canons.

On a side note, the ordering of the first and second canons seems to 
suggest a sanctioning of... how best to say this... "chaotic good" 
behaviors in appropriate situations.  Would a CISSP care to comment on 
this?

-- 
The Write Many, Read Never drive.  For those people that don't know
their system has a /dev/null already.
              -- Rik Steenwinkel, singing the praises of 8mm Exabytes
