Ross Anderson on Responsible Disclosure and Academic Freedom
1 Comment | Posted by Enno Rey
just a short, somewhat non-technical, post today: I really like this response Ross Anderson gave to the “UK Cards Association” asking Cambridge University for taking offline a thesis of one of their students. It (the letter) pretty much summarizes how security research should be treated and backed by those interested in a more secure world we live in.
On a personal note I’d like to add that Ross’ main volume “Security Engineering: A Guide to Building Dependable Distributed Systems”, initially published in 2001 and updated in the interim with a second edition in 2008, has been the most influential security book for me on my long way in the infosec space (which started back in 1997, with some workshops on firewalls I gave for IT auditors). If I could take only one infosec book to a lonely island, it would be this one.
[not sure which one to take if I could only take one book at all ... maybe Thomas Mann's "Doktor Faustus"... will get back to this once I've figured an answer ]
Back in a few days with the next part on IPv6, have a good one everybody