What about a clearance level for those admins who need to know how to access software bugs?
These would have to be federal and recognized by all academic institutions as superseding school level laws.
This would be 'given out' like a DOD level clearance and policed the same way. Corporations would sponsor this clearance. Educational institutions would be able to have fees waived / absorbed by corporations.
Anyone with this clearance can be contacted by someone reporting a bug / exploit activities. Alternatively have a submission form that would handle disclosure and reporting to necessary party.
Submitter is immune to legal ramifications of detection and noted in the trusted system for future, along with all identifying information so that if a school questions this activity, the school will be able to rapidly learn of the student's having followed the correct procedure.
Recipient will filter the bug into the system.
Make it policy to release submitted information (after a certain time period) to bugtraq/etc to motivate / ensure the rapid response of the party whose work has been knowingly, officially compromised.
Thoughts...