Re: Wired misquote [Symantec want's to criminalize full-disclosure]
I am posting this In reference to the recent Wired article which Richard
Smith posted to this list. Symantec fully supports information sharing on
threats and vulnerabilities and believes it is an important tool for
consumers and IT professionals to gain a measure of early warning of
potential attacks.
The Bugtraq mailing list, maintained as an independent entity under the
SecurityFocus brand, remains one of the most respected and open sources for
security information and early alerting by security professionals worldwide
and full disclosure is *critical to the integrity of the Bugtraq
community*.
With regards to cyber crime we need more and higher quality resources for
law enforcement to work on computer forensics, and we need cooperation from
government and industry to assist prosecutors in building cases against
attackers.
Given the increase in the number of security threats and the availability
of online tools we also believe that the industry should focus on training
and educating today’s youth about the ethics of computer crime and its
affects and impact on victims.
These are not simply my words but also an official Symantec statement.
Cheers,
-al
Alfred Huger
Senior Director Engineering
Symantec Security Response