Hi. I do not know if this is the right place to ask such question. If not, please forward me to a more appropriate mailing list.

While taking a look at the CISSP code of ethics, I have set foot on a point which raised doubt in my mind:

--- quote start ---
[...]
To discourage such behavior as:
   [...]
   - Professional association with non-professionals
   - Professional recognition of or association with amateurs
   [...]
--- quote stop ---

I wondered what those two points really meant. My understanding of the information security industry is that much of the research work has been peformed by those "non-professionals" and "amateurs", often kids in their early 20's, publicating their research results on forums like Bugtraq or magazines like Phrack, under the most original pseudonymes and nicknames such as 'rain forest puppy', 'zen-parse', 'lcamtuf', 'aleph1', etc. This is a truth that cannot be hidden. Many security professionals have gained most of their knowledge, directly or indirectly, thanks to these publications and sources of highly valuable information.

Maybe I am mistaken, but I believe this specific part of the CISSP's code of ethics is a huge lack of respect to the security community, and the "amateurs" and "non-professionals" who form it. What do you people think?

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]