[free-sklyarov] MSNBC story

[Jon O .]

> : 
> : Do they test encryption? I think part of the problem is no
> : large agency tests this stuff except for the FBI, NSA, etc...
> 
> You may have identified an important need here.  One way of satisfying
> it would be to have the Consumer's Union do security testing and
> related checks of software ahd hardware.  Another way would be to form
> a new organization doing such checks and reporting on them for the
> benefit of consumers---rather than systems administrators.
> 
> Since most commercial software is sold inside a shrinkwrap and cannot
> be tested for functionality---let alone security---it would seem that
> such an organization would perform a very valuable service for the
> public.
> 
> Would the DMCA outlaw it?
> 

You are right on the money with this one.

I do network security as work. Vulnerabilites in software are often
just "found" and/or researched by independent people or sometimes 
security teams. 

If these people either organized and got some kind of funding or,
offered to write reports and do testing for consumer groups this
could really work. Everyone in the security industry always
complains people do vulnerability research and never get paid.
It was only recently that it became normal to "give credit" to 
a vulneribility by the company who made the hole in the first place.

I bet these people would even offer to only get paid if they find 
a vulnerability. Furthermore, most would love it if a magazine or 
something (like Consumer Reports or the network/computer equivalent)
offered to publish their data. Right now most of this stuff occurs
on bugtraq (mailing list) and they just discussed "Hacker Copyrights."