Looks like one step closer to outlawing security research by anyone other than "legitimate" (corporate) entities. So they form a club and require membership dues of $5-10 K / year...this will provide barrier to entry for anyone except large vendors. Then, with standards in place which set these stringent guidelines for disclosure, they can start to brand anyone who does full disclosure as "not complying with standard industry practices." This can open up opportunities for civil action against those who dare to point out the emperor's nakedness. Criminal sanctions aren't far behind this.

One weakness they are exposing which we can all fight has to do with the RFC approach. Everyone who has a concern with the direction this is going should provide comments during the RFC process, and anyone who has time and ability should participate in the working group sessions to change the RFC.

Microsoft has beaten our federal government into submission, also nine states, and 99% of commercial businesses. While they attempt to take over not only the Internet but the information security industry as well, it is in our best interests to fight them with any and all tools available.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/281/8678#8678