Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Full-disclosure] Re: MS not telling enough - ethics
From: Jeremy Bishop (requiempraetor.org)
Date: Thu Aug 18 2005 - 14:31:04 CDT
On Thursday 18 August 2005 11:31, DAN MORRILL wrote:
> community at large. So who's ethics do we apply, if I was to follow
> the CISSP code of ethics, in that consorting with non-professionals,
> would mean that I could not teach information security in college
> (which I do), nor could I teach what I know to developers or
> programmers or others who are not information security professionals
> (which I do) to help them develop better products. One of the reaons
> why I don't have a CISSP is because of that clause in the code of
> ethics, I would violate it right and left everytime I got in front of
> a classroom.
Read over the Code again. The only mandatory parts are the four canons,
and it is stated later that the canons are not equal (similar to the
Three Laws of robotics). It also states: Compliance with the guidance
is neither necessary nor sufficient for ethical conduct.
Given the Code as currently presented on the isc2.org site, I see
nothing 'unethical' about teaching others. In fact, to treat the
non-consort clause as banning the activities you mentioned above would
ignore the precedence rules given for the canons, and could be
considered, in some small way, as going against the first and second
On a side note, the ordering of the first and second canons seems to
suggest a sanctioning of... how best to say this... "chaotic good"
behaviors in appropriate situations. Would a CISSP care to comment on
The Write Many, Read Never drive. For those people that don't know
their system has a /dev/null already.
-- Rik Steenwinkel, singing the praises of 8mm Exabytes
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/