Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Security Bug Censorship Government Technology

Microsoft Rewrites Wassenaar Arms Control Pact To Protect The Infosec Industry (theregister.co.uk) 20

The Wassenaar Arrangement "is threatening to choke the cyber-security industry, according to a consortium of cyber-security companies...supported by Microsoft among others," reports SC Magazine. "'Because the regulation is so overly broad, it would require cyber responders and security researchers to obtain an export license prior to exchanging essential information to remediate a newly identified network vulnerability, even when that vulnerability is capable of being exploited for purposes of surveillance,' wrote Alan Cohn from the CRC on a Microsoft blog." Reporter Darren Pauli contacted Slashdot with this report: If the Wassenaar Arrangement carries through under its current state, it will force Microsoft to submit some 3800 applications for arms export every year, company assistant general counsel Cristin Goodwin says... The Wassenaar Arrangement caught all corners of the security industry off guard, but its full potentially-devastating effects will only be realised in coming months and years... Goodwin and [Symantec director of government affairs] Fletcher are calling on the industry to lobby their agencies to overhaul the dual-use software definition of the Arrangement ahead of a closed-door meeting in September where changes can be proposed.
This discussion has been archived. No new comments can be posted.

Microsoft Rewrites Wassenaar Arms Control Pact To Protect The Infosec Industry

Comments Filter:
  • When the discussion of what goes in a treaty has to be secret, you know it is going to be bad for most people. (And very good for a select few.) How many times do we have to see this? I wonder what a cyber-spring will look like?
  • Dealing with UK export laws. I've had too many conversations with our trade compliance people about restrictions when having a dev team in the UK and pen testers in the US.

  • Basically every bit of technology worth using is enumerated by this thing as dual use.

    • This may sound like tinfoil-hat territory, but consider the following possibility. Software is allowed to cross borders... if a $100,000 annual licence fee is paid for "inspection". The big outfits like Microsoft and the big anti-virus companies like Symantec/Norton would have no problems finding $100,000 between the cushions of their sofas. It's loose change for them. But consider iptables, pfsense, tripwire, openssl, openssh etc, etc.

      This would be impossible for a few volunteers to do for their pet projec

I'm a Lisp variable -- bind me!

Working...