Re: Corporate Information Security Accountability Act of 2003

[Peter van den Heuvel <peter () bank-connect com>]

> And who's going to enforce this? Something to consider, this could mean
> that you could face criminal charges if you stated that your network was
> secure and an independent audit team belonging to the DOJ proved
> otherwise - that'd land a lot of execs in jail (including Gates).  Want
> to get your CEO put in jail?  Just open up that telnet port.
LOL. And more, who would do the audit? I've seen _far_ more audit 
reports that aren't worth shit than reports that come close to being 
reasonable. Maybe it would make better sense to require such companies 
to publisize their security incidents; enable the shareholders to draw 
their own conclusions. Not that it would change anything of course; 
MicroSoft security status being not particularly secret.

> > http://www.computerworld.com/securitytopics/security/story/0,10801,86455,00.html?nas=PM-86455

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html