Anti-Virus Information Exchange Network Code of Conduct

Signatories

(i) DO NO HARM
I will not write and deliberately release any code with malicious intent. With malicious code being defined as not only code that does direct or indirect damage to systems and data, but also code that has undesirable secondary consequences such as risk of embarrassment to or punishment of the victim.

I will not write replicative or destructive code unless I am convinced that it is necessary for internal research or testing purposes as required and defined by my professional activities. If I regard it as necessary to write such code, I will do so under secure and strictly controlled conditions, and I will not publish such code. Nor will I share it unless it is absolutely necessary, and then only with individuals whose competence and adherence to this code of conduct or an equivalent is beyond question. I will not keep copies of such code for any longer than is strictly necessary, and only under secure and strictly controlled conditions.

I will not deliberately damage live data. Nor will I alter any data except as authorized by the owner of those data.

I acknowledge that the public release of Malware, even for benevolent purposes such as advising potential victims of vulnerabilities in their systems, is never beneficial if it involves unauthorized access or modification to systems, even if the quality and safety in use of the code could be guaranteed under all circumstances.

(ii) DUTY OF CONFIDENCE
I will treat as confidential all data entrusted to my care. I will not divulge my client or employer's identification, or claim to act as their representative, except with their expressed consent, or where an overriding legal or moral obligation exists.

(iii) DUTY TO BEHAVE RESPONSIBLY
I will behave at all times in accordance with all applicable laws, policies, and codes of conduct required by AVIEN and any other organization with which I am affiliated.

Other than for publicly accepted legitimate development or research as part of my professional activities in understanding and/or creating defenses against malware, I will not intentionally trade, solicit, or transmit malware, or encourage these activities. I will always discourage such activities other than for publicly acceptable legitimate development, testing or research. I will not pass on malicious code to anyone whose competence and integrity is in doubt.

(iv) DUTY OF CARE
Malware entrusted to me in my professional capacity will be handled with the utmost care and respect for their capabilities for harm, in order to prevent infection or dissemination.

I will assume responsibility for viral incidents when charged with their management, irrespective of whether they result from any action of mine.

If contacted with details of a possible infection, I will proceed as if there is a definite, proven infection until it can be proved otherwise. If any system in my charge is infected, I will advise all individuals or organizations who may have been a source of infection, or who may have received malicious code as a result of contact with those systems.

(v) DUTY TO INFORM AND EDUCATE
I will dispel Malware hype, myths and misinformation through education. I will not claim knowledge or ability beyond my actual capabilities. I will not use Malware-related hype or fear-mongering to promote any company, any product, or myself.

I acknowledge and recognize that Virus eXchange (vX) web sites and bulletin boards only further the malware problem. I will not validate their existence by frequenting them, other than for ethically acceptable research into their activities. When asked, I will support and assist authorities in discouraging and suppressing vX activity wherever possible.

I understand and agree to this Code of Conduct and pledge to act in an ethical and professional manner, as outlined above.

By signing this document, I agree to abide by any reasonable penalty imposed by the AVIEN appointed controlling committee, if found guilty of unprofessional conduct in breach of this Code of Conduct.

(Once signed, this form should be faxed to 1-613-623-1645)