Microsoft Rewrites Wassenaar Arms Control Pact To Protect The Infosec Industry

The Wassenaar Arrangement "is threatening to choke the cyber-security industry, according to a consortium of cyber-security companies...supported by Microsoft among others," reports SC Magazine. "'Because the regulation is so overly broad, it would require cyber responders and security researchers to obtain an export license prior to exchanging essential information to remediate a newly identified network vulnerability, even when that vulnerability is capable of being exploited for purposes of surveillance,' wrote Alan Cohn from the CRC on a Microsoft blog." Reporter Darren Pauli contacted Slashdot with this report: If the Wassenaar Arrangement carries through under its current state, it will force Microsoft to submit some 3800 applications for arms export every year, company assistant general counsel Cristin Goodwin says... The Wassenaar Arrangement caught all corners of the security industry off guard, but its full potentially-devastating effects will only be realised in coming months and years... Goodwin and [Symantec director of government affairs] Fletcher are calling on the industry to lobby their agencies to overhaul the dual-use software definition of the Arrangement ahead of a closed-door meeting in September where changes can be proposed.

Re:

[Intron]

they should institute the pact the way it is. its good. its there for good reason. do you want russia, china, india getting american software and more imporantly tech support???

The problem is that although it is intended to make you more secure it might have the effect of making you less secure. Kind of like Norton AV.

Re:

[sittingnut]

do you know what you are talking about?

do you want russia, china, india getting american software and more imporantly tech support???

in the 1st place russia is part of wassenaar arrangement . while china and india aren't. so you can't group[ all three together in relation to this.

-
lefty protectionist editors here, as usual, display their ignorance and bias by linking M$ to denigrate. .

Re:

[Calydor]

You need to take a deep breath and eat some ice cream before your next post.

Re:

[sittingnut]

no surprise that sjw lefty editordavid, posting as AC, and driven mad by facts and exposure, has lost his basic ability to comprehend english. and vomit up his racist prejudices

Re:

[NotInHere]

I think there is more tech support going from india to the US than from the US to india.

Re:

[jaredm1]

What about users in those countries who without a patch might get their computers compromised and become unwitting victims in the next botnet attack in the land of the free and its allies?

Another "secret" treaty...

[houstonbofh]

When the discussion of what goes in a treaty has to be secret, you know it is going to be bad for most people. (And very good for a select few.) How many times do we have to see this? I wonder what a cyber-spring will look like?

We go through crap like this now

[SwashbucklingCowboy]

Dealing with UK export laws. I've had too many conversations with our trade compliance people about restrictions when having a dev team in the UK and pen testers in the US.

Wassenaar disaster

[WaffleMonster]

Basically every bit of technology worth using is enumerated by this thing as dual use.

Re:Wassenaar disaster... targetting Open Source

[knorthern knight]

This may sound like tinfoil-hat territory, but consider the following possibility. Software is allowed to cross borders... if a $100,000 annual licence fee is paid for "inspection". The big outfits like Microsoft and the big anti-virus companies like Symantec/Norton would have no problems finding $100,000 between the cushions of their sofas. It's loose change for them. But consider iptables, pfsense, tripwire, openssl, openssh etc, etc.

This would be impossible for a few volunteers to do for their pet projec