| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu Aug 18 20:52:39 2005 From: dan_20407 at msn.com (DAN MORRILL) Subject: Re: MS not telling enough - ethics Advance and protect the profession Sponsor for professional advancement those best qualified. All other things equal, prefer those who are certified and who adhere to these canons. Avoid professional association with those whose practices or reputation might diminish the profession. Take care not to injure the reputation of other professionals through malice or indifference. Maintain your competence; keep your skills and knowledge current. Give generously of your time and knowledge in training others. https://www.isc2.org/cgi-bin/content.cgi?category=12 The language has changed since the last time I have looked, and that is a good thing. Thanks for pointing that out as it had been a while since I went there. Even though there are 4 canons, the explaination of the code is also part of the ethics that they mandate you follow. Suffice to say, its a good idea, but what real governance power do they have? And what harm is it to remove someone's CISSP from them for unethical behavior? Anyone have any statistics they can share on how many people get their CISSP revoked due to ethical issues? Thanks, this is a good discussion. r/Dan Sometimes MSN E-mail will indicate that the mesasge failed to be delivered. Please resend when you get those, it does not mean that the mail box is bad, merely that MSN mail is over worked at the time. >From: Jeremy Bishop <requiem@...etor.org> >To: full-disclosure@...ts.grok.org.uk >Subject: Re: [Full-disclosure] Re: MS not telling enough - ethics >Date: Thu, 18 Aug 2005 12:31:04 -0700 > >On Thursday 18 August 2005 11:31, DAN MORRILL wrote: > > > community at large. So who's ethics do we apply, if I was to follow > > the CISSP code of ethics, in that consorting with non-professionals, > > would mean that I could not teach information security in college > > (which I do), nor could I teach what I know to developers or > > programmers or others who are not information security professionals > > (which I do) to help them develop better products. One of the reaons > > why I don't have a CISSP is because of that clause in the code of > > ethics, I would violate it right and left everytime I got in front of > > a classroom. > >Read over the Code again. The only mandatory parts are the four canons, >and it is stated later that the canons are not equal (similar to the >Three Laws of robotics). It also states: Compliance with the guidance >is neither necessary nor sufficient for ethical conduct. > >Given the Code as currently presented on the isc2.org site, I see >nothing 'unethical' about teaching others. In fact, to treat the >non-consort clause as banning the activities you mentioned above would >ignore the precedence rules given for the canons, and could be >considered, in some small way, as going against the first and second >canons. > >On a side note, the ordering of the first and second canons seems to >suggest a sanctioning of... how best to say this... "chaotic good" >behaviors in appropriate situations. Would a CISSP care to comment on >this? > >-- >The Write Many, Read Never drive. For those people that don't know >their system has a /dev/null already. > -- Rik Steenwinkel, singing the praises of 8mm Exabytes >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ _________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar – get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
Powered by blists - more mailing lists