i wouldnt get caught up with the CMA, its a pretty useless law when it
comes to todays Internet
1.-(1) A person is guilty of an offence if-
(a) he causes a computer to perform any function with intent to secure
access to any program or data held in any computer;
So whats a function? is making the web server serve a html file a function?
"intent to secure access", well thats the whole point of the Internet
isnt it, securing access to data and web applications?
On 12/8/05, Jeff Robertson <jeff.robertson@digitalinsight.com> wrote:
If possible, use their own previously-written code instead of WebGoat for
the total "scared straight" experience. ;-)
-----Original Message-----
From: James Strassburg [mailto:JStrassburg@directs.com]
Sent: Wednesday, December 07, 2005 11:51
To: webappsec@securityfocus.com
Subject: Security training of developers and company liability
I am currently training all of my organization's software
developers on web application security. I'm using WebScarab
and WebGoat as my primary teaching tools as I feel that
seeing how the problems are exploited is much more effective
than trying to cover every type of coding mistake that can
lead to the problems. My question is about company liability.
What if one of the developers used the information learned to
attack another site? Is my company liable for their actions
as we taught them how to do it? Should I have our legal
department create a disclaimer or waiver for them to sign?
I will be asking the same questions directly to our legal
department but thought a discussion here could provide some
more insight and be valuable for others. thanks.
James A. Strassburg Jr.
Software Security Architect
Direct Supply, Inc.
