General principles for handling posts to AVIEN / AVI-EWS lists

- Respect copyright.
- Respect conditions of use for publicly available information.
- If a list says don't forward, don't forward.
- Respect confidentiality. If someone mails you off-list, it probably means you shouldn't quote them on-list without their permission, at least by name.
- Keep to the normal rules of netiquette.
- We do not flame. Period. We do not assume that everyone else on the list is an idiot. We do not pursue personal vendettas. We do not post HTML. We do not post attachments.
- Respect secure material. If it requires some form of security clearance for you to read it, it's unlikely that we need to see it.
- Keep in mind data protection issues: any information that relates to an identifiable individual may hide a legal booby trap.
- We sometimes appreciate juicy gossip, the more malicious the better. Let's not contravene libel laws and the like, though, and keep it to the appropriate lists.
- AVIEN / AVI-EWS subscribers are not extensively screened. We don't/can't guarantee anyone's security rating, credit rating, lack of criminal record, personal integrity, or goodwill.
- The organization is growing, and there are subscribers no-one knows very well. We do not consider it appropriate to ask individuals to take responsibility for the behavior of other individuals. We would hope that meeting the criteria for subscriber status indicates a minimum standard of behavior and professionalism, and individuals who don't meet such standards will be subject to appropriate sanctions, but such standards can normally only be applied retrospectively. In principle, the only differences between AVIEN and alt.comp.virus are that:
  - we don't admit people known to be bad news
  - if subscribers turn out to be liabilities, they can be excluded.
- If a post contains material you wouldn't want to air on alt.comp.virus, you should reconsider before you hit the Send button. We can't guarantee the behavior of all our subscribers in advance.
- Do not offer or request samples of malicious software on-list. If someone requests samples off-list, how you respond is a personal decision. However, we recommend:
- Keep it polite.
- Don't send samples to anyone of whose competence you are unsure.
- Subscriber status in AVIEN / AVI-EWS is not proof of competence. It's not even absolute proof of identity.
- Signing up for the Code of Conduct is not proof of adherence to its content.
- Vendors and researchers should not offer any inducement (financial or in kind) to supply samples.
- Bounty hunters are not welcome.
- Vendors asking for samples should give clear and sound directions for sending them safely. They should be sent to verifiable email accounts, ftp upload sites, or actual addresses. They should not normally be sent to individuals.
- If in doubt, don't. Better still, ask the DC for a ruling. You don't have to name names.

How to deal with the content of posts with regard to forwarding outside of AVIEN / AVI-EWS

| Type of Post | Examples | Rules |
| --- | --- | --- |
| Forwarded public information (news, debate) | Opinion/semi-informational pieces from Silicon, CNET and such. | Poster: It's usually more appropriate to summarize and/or give a URL than to forward verbatim material. Respect copyright. Reader: May forward outside AVIEN / AVI-EWS as long as there is no doubt as to legality and propriety of posting, permission to forward is explicitly or implicitly given, and as long as any inappropriate information about the persons who posted it (or their organization) is removed - this includes the email addresses of the poster and AVIEN / AVI-EWS lists. If you edit, say so (see previous paragraph). |
| Forwarded private information | Intra-organizational or intra-departmental security alerts, memos etc. | Poster: You know your own organizational guidelines and imperatives better than we do. We do not ask anyone to whistle-blow. We don't guarantee confidentiality on the part of anyone reading such material. We do not have a junior branch, and expect subscribers to take responsibility for their own actions as responsible, adult professionals. Consider whether it would be more appropriate to summarize and/or phrase as a general issue, rather than specify the involvement of your employer. Reader: We can't envisage any circumstances under which verbatim forwarding would be permissible unless the poster -and- his employer had given explicit permission. In which case, normal sanitization requirements would normally apply (i.e. unless specifically waived). |
| Forwarded public non-informational material | Chat, joke postings etc. with no personal content. | Poster: Keep it to appropriate lists. Keep to laws of copyright etc. Don't post inflammatory or offensive material that should be restricted to private mail. Reader: May forward as long as there is no doubt as to legality and propriety of posting, permission to forward is explicitly or implicitly given, and as long as any inappropriate information about the persons who posted it (or their organization) is removed - this includes the email addresses of the poster and AVIEN / AVI-EWS lists. |
| Unforwarded material | Requests for information, comment or discussion. | Poster: If your post includes information that might be of interest to salesmen, virus authors, social engineers and other intruders, it's your funeral. We can't guarantee that sensitive material won't be passed on or otherwise misused. If you -want- it to be passed on, give explicit permission, and if you want to make sure it doesn't get lost in translation, say you don't want it edited. Bear in mind that not all of us are experts, and even those who are aren't experts at -everything-. Caveat lector. ("Let the reader beware.") Reader: No forward without explicit permission of the poster. Sanitize - not only material specific to individuals/organizations, but any other potentially sensitive material, using your own discretion. If you're unsure, ask. Responses should be polite and reasonably informative. Not too many 'me too' posts, and bear in mind that if your answer is laconic and authoritative "Yes/No/Hoax/Rubbish" you should make reasonable efforts to verify your assertions and expect to be called on to justify them. |
| Information - tips, warnings, FAQs etc. | Self-explanatory | Poster: If you post it, you're responsible for it. You're expected to post on a best endeavours basis. Don't plagiarize. Acknowledge and verify sources. If you find out you got it wrong, post accordingly. This isn't bugtraq: if you discover a way to melt hard disks through software, be discreet about sharing it: an AVIEN or AVI-EWS list is probably not going to be an appropriate forum. Conserve bandwidth - URLs are usually better than long posts. If you have a commercial agenda, say so. A product announcement -may- be acceptable under some circumstances, but AVIEN and AVI-EWS lists are not there for free advertising/PR. If you maintain a voluntary resource, good on you, but we're not here to build reputations. Don't drag your website, FAQ, book, or CD with Britney Spears in at every opportunity. Reader: Caveat lector. These lists are not preemptively moderated, and no-one has time to check every detail of a posting. Don't forward unless you know you have permission, and you've sanitized accordingly. |
| Personal material | Self-explanatory | Poster: Keep it to the appropriate lists or off-list. If it's sensitive, bear in mind that there are no guarantees about who may read it. Reader: Don't ever forward. |