| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <43B45686.7020709@sdf.lonestar.org>
Date: Thu Dec 29 21:35:21 2005
From: bkfsec at sdf.lonestar.org (bkfsec)
Subject: complaints about the governemnt spying!
Leif Ericksen wrote:
>It comes back to ignorance of the law is no excuse.
>
>
>
Ahh, but there's a BIG difference between willful or unwillful ignorance
and intentional ignorance.
It's one thing to not know a law that you should know; it's a completely
different thing to be blocked from knowing the law and expected to
respect it.
For instance, in securing networks, corporate security personnel in the
United States should be familiar with Sarbanes-Oxley and the like, at
least in passing. Compliance is expected because compliance can be
tested. Not being aware of the requirements of Sarbanes-Oxley is not an
excuse because the law is readily available and transparent. However,
if the government passed Sarbanes-Oxley and then turned around and said
"But for security reasons, the requirements are classified and even the
judges can't see them without clearance..." that would be different.
How can you guarantee compliance with a behavior when you don't have
access to the standard?
This is no different than any other standard of behavior. If people are
not allowed to know the laws, they have no way to verify their
complicity with them. I respectfully submit that the situations are
different in their entirety and that in the case of a classified law,
ignorance is intentionally created as a function of the creation of the law.
Such things cannot simply be written off.
-bkfsec
Powered by blists - more mailing lists