Category Archives: cyber norms

Microsoft-led industry group pledges to not assist government cyberattacks

Posted on by

A cohort of major technology companies led by Microsoft committed Tuesday to a core set of principles for behavior in cyberspace, including not helping any government mount a cyberattack against “innocent civilians and enterprises.” For the last several weeks, Microsoft has been seeking support from companies in order to define a common standard of behavior, or norms, for the broader software making community. The announcement was spearheaded by Brad Smith, president and chief legal officer of Microsoft. Smith spoke Tuesday morning at the RSA cybersecurity conference in San Francisco to an audience mostly comprised of cybersecurity industry insiders and marketers. These norms spelled out in the agreement cover more than government relations. They contain the concept of “collective action” between technology companies to eliminate some of the more expansive cybersecurity threats facing the global economy. Dubbed the “Cybersecurity Tech Accord,” the agreement showcases the signatures of more than 30 chief executives from some of […]

The post Microsoft-led industry group pledges to not assist government cyberattacks appeared first on Cyberscoop.

Continue reading Microsoft-led industry group pledges to not assist government cyberattacks

Responsible vulnerability disclosure is becoming an international norm

Posted on by

More and more countries are joining the United States in adopting a policy of weighing the pros and cons of responsible vulnerability disclosure, as the public calls for more clarity regarding intelligence agencies and their supposed hoarding of previously undiscovered software flaws. The U.S. started using its own Vulnerability Equities Process in 2010, according to declassified documents, although it didn’t reveal the VEP publicly until 2014 — to help allay suspicions that the National Security Agency might have secretly known about the massive HeartBleed vulnerability. Now, other democracies are following suit, but it’s not clear if this will put pressure on “bad actor” nations to follow other countries’ lead. Just this month, the Canadian national broadcaster CBC reported for the first time that the country’s equivalent of the NSA, the Communications Security Establishment (CSE), had a comparable process to the VEP — although it is not public and the agency wouldn’t even say what it’s called. “CSE has […]

The post Responsible vulnerability disclosure is becoming an international norm appeared first on Cyberscoop.

Continue reading Responsible vulnerability disclosure is becoming an international norm