CAIT
Vendor Liability for Security Flaws
Don Cohn started the meeting with a description of a suggestion for a new project to create a standard set of reps and warrants that companies could demand from software vendors relating to the lack of security flaws in the vendor's products [Watch 6mb Quicktime Movie of Don]. If you're interested in this as a potential project, please contact Don.
Assessing the Security Risks of Third Party Vendors
Continuing the general subject, Michael Fleming then described an existing project that focused on how to conduct due diligence or assessments of third party vendors. GLBA and other laws now require that some companies only use vendors who have demonstrated they are capable of maintaining appropriate safeguards for data.
Mike demonstrated a sample self-assessment checklist to start the project. It will soon be loaded to the LawHub. Given the draft nature of the document, it will not be publicly available until later.
The interesting twist on this project is that Fleming plans to use a Wiki for group members to comment on and to develop the text for the security document. He showed a live Wiki he has created for the project. This will be a fun way to try out one of the latest collaborative authoring tools. Group members will be able to edit the document, show their edits to others, and the group can "vote" the changes up and down. This will be a fun experiment. [LINK TO BE POSTED LATER]
The Wiki is being hosted by editme.
Demonstration of the Model Web Site
Jason Epstein then demonstrated the current version of the Model Website. It will eventually be packaged as a book and CD combination for publication and sale by the ABA. The Model Web site is intended for use by lawyers and businesses to help them understand the legal challenges involved in operating a Web site to sell goods or services. It contains sample Web pages with annotations and pop-up text to identify issues and suggest ways of resolving them.
The group was in general agreement that this was one of the most innovative projects we've had in a long time. It's interactive, it breaks our traditinal publication models, and it presents material in a whole new way.
Don Cohn started the meeting with a description of a suggestion for a new project to create a standard set of reps and warrants that companies could demand from software vendors relating to the lack of security flaws in the vendor's products [Watch 6mb Quicktime Movie of Don]. If you're interested in this as a potential project, please contact Don.
Assessing the Security Risks of Third Party Vendors
Continuing the general subject, Michael Fleming then described an existing project that focused on how to conduct due diligence or assessments of third party vendors. GLBA and other laws now require that some companies only use vendors who have demonstrated they are capable of maintaining appropriate safeguards for data.
Mike demonstrated a sample self-assessment checklist to start the project. It will soon be loaded to the LawHub. Given the draft nature of the document, it will not be publicly available until later.
The interesting twist on this project is that Fleming plans to use a Wiki for group members to comment on and to develop the text for the security document. He showed a live Wiki he has created for the project. This will be a fun way to try out one of the latest collaborative authoring tools. Group members will be able to edit the document, show their edits to others, and the group can "vote" the changes up and down. This will be a fun experiment. [LINK TO BE POSTED LATER]
The Wiki is being hosted by editme.
Demonstration of the Model Web Site
Jason Epstein then demonstrated the current version of the Model Website. It will eventually be packaged as a book and CD combination for publication and sale by the ABA. The Model Web site is intended for use by lawyers and businesses to help them understand the legal challenges involved in operating a Web site to sell goods or services. It contains sample Web pages with annotations and pop-up text to identify issues and suggest ways of resolving them.
The group was in general agreement that this was one of the most innovative projects we've had in a long time. It's interactive, it breaks our traditinal publication models, and it presents material in a whole new way.
posted by Michael McGuire at
9:20 AM
