News: Law puts damper on web security research
2 views
Skip to first unread message
Shawn
Jun 12, 2007, 10:14:10 AM6/12/07
to SecAudit
Web security research is being seriously hampered by laws that punish
researchers for even attempting to locate flaws in web software, much
less disclosing those flaws, according to a new study.
researchers for even attempting to locate flaws in web software, much
less disclosing those flaws, according to a new study.
The report is the first by the Computer Security Institute (CSI), a
research and training organization under the aegis of CMP Technology.
It draws on discussions by a broad working group, including security
researchers and representatives of U.S. law enforcement agencies.
The upshot is that current legal frameworks designed to allow
prosecution of web attackers also make it next to impossible to
legally spot security flaws in the "web 2.0" applications quickly
becoming ubiquitous on the Internet.
Full story here:
http://security.itworld.com/4368/070612security/page_1.html
Reply all
Reply to author
Forward
0 new messages