Date: Thu, 24 Jan 2013 14:39:56 -0500
From: Jeffrey Walton <noloader@...il.com>
To: Valdis.Kletnieks@...edu
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000

On Thu, Jan 24, 2013 at 2:22 PM, <Valdis.Kletnieks@...edu> wrote:
> On Thu, 24 Jan 2013 19:59:53 +0100, Stefan Weimar said:
>
>> > 1) The kid, as part of his major, signed an ethics document.
>>
>> A better solution would have been to not do the steps 1 and 2 but make
>> an NDA ("Ok, we know and you know but that's enough by now.") instead.
>> I mean, some kind of responsible disclosure.
>>
>> By proposing this "ethics document" it was the college being
>> unprofessional and not the kid.
>
> I think you misunderstand - the ethics document was signed *when he
> applied as a student*. If you think that's "unprofessional", you
> might want to consider that doctors, lawyers, and other professions
> have ethics standards as well. As does anybody who has a CISSP:

That has not stopped lawyers and judges from perverting the legal
system in the US. Judge James Ware FTW!
http://en.wikipedia.org/wiki/James_Ware_(judge).

> https://www.isc2.org/ethics/default.aspx

TLDR; Just kidding. It's actually quite short. I wonder if the college
gave him a contract, and called it a code of ethics.

> I'd say anybody who persisted in doing something after they promised
> not to would be running afoul of the "necessary public trust and confidence"
> clause of the CISSP code of ethics?

Well, there could be a lot of wiggle room. How much of it is
subjective? Is it like Christianity, where the 10 Commandments are
taken as 10 Suggestions?

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/