Educause Security Discussion mailing list archives
List Participation Guidelines and Responsible Vendor Behavior
From: Rodney Petersen <rpetersen () EDUCAUSE EDU>
Date: Mon, 16 Apr 2007 17:53:17 -0600
I apologize for the delay in weighing in on the list controversies of last week. As many of you know, many of us were engaged in a very successful security conference last week in Denver, Colorado (Security 2007 - http://www.educause.edu/sec07). As usual, cooler heads have prevailed and the wisdom of the various contributors probably exceeds the insights that I am about to offer.

First, some background about the list. The Security Task Force created this discussion list six years ago as a means to facilitate information sharing for the improvement of computer and network security at colleges and universities. We elected to leverage the EDUCAUSE Discussion List option because it allows the "open exchange" of information across a range of colleges and universities. The availability of public archives also makes it possible for new security professionals to search previous discussions for resources on questions they might want to pose to the community. Although the primary audience is college and university security professionals, we have also recognized the value of government and industry participation, including as a mechanism to raise their awareness about the needs, concerns, and accomplishments of the higher education community.

Second, as the higher education security community has grown and evolved, it became evident that the sharing of sensitive or incident-related information should be limited to a vetted community of college and university security professionals (not accessible to "bad guys", "news media", or organizations that may use it for "personal gain".) Consequently, the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) has established a closed mailing list for REN-ISAC members. We would encourage individuals responsible for incident handling in a college and university community to join the REN-ISAC for restricted information sharing forum: http://www.ren-isac.net/membership.html

Third, there are "Participation Guidelines" for this list that you can review at http://www.educause.edu/ConstituentGroupParticipationGuidlines/892

The relevant portions regarding "Promotional Messages and Advertising" follow:

"Discussion groups are educational in nature and not intended for promotional announcements, advertising, product-related press releases, or other commercial use. Past reactions by subscribers indicate that such postings are usually self-defeating."

Finally, since the "Participation Guidelines" and EDUCAUSE Policy are silent regarding appropriate vendor behavior in response to listserv questions or discussions, we must rely on corporate participants to behave responsibly and ethically. We are prepared to take corrective action where necessary to address community concerns. Several corporate members of the list have recently posted some excellent advice and observations in this regard (see April 16th post from Dennis Meharchand, April 11th posts from Jim St. Clair and Kevin Moulton, and others.)

In short, the Security Task Force believes that vendors are part of the solution to improving computer and network security in higher education. Therefore, we are reluctant to ban them from learning from these discussions as some have suggested. In some cases, the higher education community can benefit from their insights as well. In other cases, their products and services will be improved based upon the needs and concerns expressed by the community. However, the continued participation of vendors depends upon them acting responsibly upon the information available to them and refraining from using the open discussion forum that we provide for personal gain.

Thank you to everyone for your patience and perseverance as we strive to create a communication mechanism that helps us improve the state of cybersecurity in higher education. Please let me know if you have any further questions.

Best Regards,
-Rodney

--------------------------------------------------
Rodney J. Petersen, J.D.
Government Relations Officer & Security Task Force Coordinator
EDUCAUSE
1150 18th Street, N.W., Suite 1010
Washington, D.C. 20036
(202) 331-5368 / (202) 872-4200
(202) 872-4318 (FAX)
EDUCAUSE/Internet2 Security Task Force
www.educause.edu/security
--------------------------------------------------