Forwarded from: "David M. Bittlingmeier, MS, CISSP, PMP" <david@private>
Cc: weld@private

Chris ~

Having recently returned from a three-week assignment reviewing outsourcing in India I will point out that the 'Best of breed' in India companies are less at risk than many U.S. companies. While policies and/or laws may or may not 'raise the bar' a MAJOR way to protect from this is followed by those companies that wish to. Much like U.S. centric companies, there is no 'one size fits all' and each vendor has to be reviewed to 'know' what the risks are or are not.

Using the Internet is an easier 'risk' to overcome than say a USB 1GB drive that can be plugged into a workstation (even a 64MB USB drive, which are almost free nowadays).

The point, from my experience, is that each company has to be reviewed and re-reviewed regularly to 'know' that the data is secured, be that India, U.K., USA and other countries that I have reviewed.

Best Regards,
David

Sorry ~ If you cannot receive HTML e-mails the formatting may be off

David M. Bittlingmeier, MS, CISSP, PMP
CISSP (Certified Information Systems Security Professional)
PMP (Project Management Professional Credential)
Bittlingmeier and Associates
Pacifica, Ca
E-mail: david@private
Phone: 650.359.5005
Mobile: 415.260.5170
WEBSITE: www.bittlingmeier.com <http://www.bittlingmeier.com/>

-----Original Message-----
From: isn-bounces@private [mailto:isn-bounces@private] On Behalf Of InfoSec News
Sent: Monday, August 09, 2004 5:45 AM
To: isn@private
Subject: RE: [ISN] Source code stolen from U.S. software company in India

Forwarded from: Chris Wysopal <weld@private>

http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,95045,00.html

"The company said that according to a report obtained from its branch in India, a recently hired software engineer used her Yahoo e-mail account, which now allows 100MB of free storage space, to upload and ship the copied files out of the research facility. The company detected the theft and is trying to prevent the employee from further distributing the source code and other confidential information."

What this means is large free web email storage facilities make intellectual property theft easier. Just zip and send an attachment to yourself.

But this is the real kicker:

"Though the Indian branch of Jolly Technologies requires employees to sign a similar employment agreement, the sluggish Indian legal system and the absence of intellectual property laws make it nearly impossible to enforce such agreements, the company said. ... The company said it has decided to delay further recruitment and halt development activities in India until better legal safeguards are in place."

Is this true? Can Indian employees steal source code with no legal repercussions? Wow, think of all the code that is outsourced to India these days with no legal protections. And it is all a Yahoo file attachment away.

-Chris

_________________________________________
Open Source Vulnerability Database (OSVDB)
Everything is Vulnerable - http://www.osvdb.org/

This archive was generated by hypermail 2.1.3 : Wed Aug 11 2004 - 01:59:42 PDT