Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
[ISN] Workshop on Cybersecurity, Research & Disclosure
From: InfoSec News (isnc4i.org)
Date: Wed Oct 15 2003 - 03:20:38 CDT
Forwarded from: Adam Shostack <adamhomeport.org>
This should be a fascinating get-together.
----- Forwarded message from Lauren Gelman <gelmanstanford.edu> -----
Cybersecurity, Research & Disclosure
November 22, 2003
Stanford Law School
Stanford Law School's Center for Internet and Society will host a day-long
exploration of the relationship between computer security, privacy, and
disclosure of information about security vulnerabilities. This is the
must-attend conference for researchers, academics, practitioners, government
officials and CTO and CIOS interested in formulating disclosure practices or
policies that would promote security research, constructive information
sharing, remediation and commercial interests, and determining how such
policies could be put into effect?
Questions to be addressed include:
* Does public disclosure of vulnerabilities motivate the vendor to release
more secure software, and if so, does this benefit sufficiently outweigh
potential risks that the information will be misused?
* How can independent researchers be adequately compensated for the valuable
service they provide to vendors and customers while encouraging responsible
* Does the commercialization of security information promote security, or
should reporting be an academic or governmental function?
* What practices or policies facilitate communication between vendors and
researchers. What should the researcher do? What should the vendor do? Should
practices differ for small vendors, ISPs or website owners?
* When does disclosure best promote security and minimize exploitations, and
how much information should be disclosed at a given point in time, and to whom?
* What policies or practices encourage the installation of patches?
* How can disclosure policies promote computer security? How can we work
towards consensus on such a policy? Encourage compliance with the policy? What
would the policy include, and what are the security tradeoffs? Is there a role
for regulation or government intervention in this area, or are market
Register now at: http://cyberlaw.stanford.edu/security/
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.