Network Security: Detailed info on RE: Security training of developers and company liability

Subject:	RE: Security training of developers and company liability
Date:	Thu, 8 Dec 2005 09:56:57 -0000

Subject:

RE: Security training of developers and company liability

Date:

Thu, 8 Dec 2005 09:56:57 -0000

I work in education, we don't disclaim what we teach, regardless of what
it enables the students to go on and do.  Having that said that, I feel
that I would have some mitigation; I teach them the law and why they
shouldn't hack well before how they might.

Ian

-----Original Message-----
From: James Strassburg [mailto:JStrassburg@directs.com] 
Sent: 07 December 2005 16:51
To: webappsec@securityfocus.com
Subject: Security training of developers and company liability


I am currently training all of my organization's software developers on
web application security.  I'm using WebScarab and WebGoat as my primary
teaching tools as I feel that seeing how the problems are exploited is
much more effective than trying to cover every type of coding mistake
that can lead to the problems.  My question is about company liability.
What if one of the developers used the information learned to attack
another site?  Is my company liable for their actions as we taught them
how to do it?  Should I have our legal department create a disclaimer or
waiver for them to sign?

<Prev in Thread]	Current Thread	[Next in Thread>
Security training of developers and company liability, James Strassburg Re: Security training of developers and company liability, Stephen de Vries RE: Security training of developers and company liability, Clement Dupuis RE: Security training of developers and company liability, Lyal Collins RE: Security training of developers and company liability, Clement Dupuis Re: Security training of developers and company liability, Daniel RE: Security training of developers and company liability, Griffiths, Ian <= RE: Security training of developers and company liability, Brokken, Allen P. RE: Security training of developers and company liability, Jason Gregson RE: Security training of developers and company liability, James Strassburg RE: Security training of developers and company liability, Jeff Robertson Re: Security training of developers and company liability, Daniel RE: Security training of developers and company liability, Harley David RE: Security training of developers and company liability, James Strassburg RE: Security training of developers and company liability, Wall, Kevin

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	New SF Article Announcement: Trusting software, Andrew van der Stock
Next by Date:	Re: Security training of developers and company liability, Stephen de Vries
Previous by Thread:	Re: Security training of developers and company liability, Daniel
Next by Thread:	RE: Security training of developers and company liability, Brokken, Allen P.
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

New SF Article Announcement: Trusting software, Andrew van der Stock

Next by Date:

Re: Security training of developers and company liability, Stephen de Vries

Previous by Thread:

Re: Security training of developers and company liability, Daniel

Next by Thread:

RE: Security training of developers and company liability, Brokken, Allen P.

Indexes:

[Date] [Thread] [Top] [All Lists]