RE: Second draft of CyberCrime Treaty Statement

[David LeBlanc <dleblanc@microsoft.com>]

I don't think that saying who you work for neccesarily implies you are
speaking for your organization.  We have a disclaimer to that effect. We are
trying to show the treaty people that we are not just a bunch of people -
getting 10,000 signatures won't help us - 10, 20 or 30 from people and/or
organizations they recognize _will_ help us. Spaf's correct on his
interpretation of the politics here. Unless it will cost us a lot of
support, I think we should quit tip-toeing around and get it out there.  The
mere fact that we have all of the largest security software vendors and
several other very large companies amongst our employers says a lot.  I'm
not worried about securing some dinky network - I'm worried about securing
Microsoft.  These people may not know many (if any) of us individually, but
as security practicioners from MS, Sun, Cisco, IBM, ISS, NAI, Bindview,
Axent, Symantec, etc. *THAT* carries some weight.  They will know most if
not all of those names.

> -----Original Message-----
> From: Steven M. Christey [mailto:coley@LINUS.MITRE.ORG]
> Sent: Wednesday, May 10, 2000 6:52 PM
> To: cve-editorial-board-list@lists.mitre.org
> Subject: RE: Second draft of CyberCrime Treaty Statement
> 
> 
> I agree with Russ that requiring the company affiliation could be too
> restrictive.  Perhaps we could have two sections of endorsers - the
> first section for people who list their organizational affiliations,
> and the second section for individuals.  The first section can
> "impress the Treaty folks."  But the second section will allow us to
> include well-known individuals who can't speak for their own
> organizations, but whose signature will further bolster the
> statement's credibility.
> 
> - Steve
>