[Owasp-singapore] Further refinements to the code of ethics for disclosure portal - www.infothatmatter.org

Wong Onn Chee ocwong at usa.net
Mon Apr 13 02:28:23 EDT 2009

Hi folks,

Just received a "friendly" phone call from one of the schools who was
responsible for leaking students info.
Guess the ST article managed to kick someone into action.
Interestingly, the school was not mentioned in the ST article, but was
highlighted on www.infothatmatter.org

Their feedback is that too much information was disclosed.
I believe another member has replied with similar feedback too.

As this is our first attempt in setting proper disclosure standards and
we do honestly want to protect the privacy of affected individuals, we
will like to seek your opinion on the following refinements to the Code
of Ethics:

1) No disclosure of phone number - to avoid harassing calls

2) No disclosure of email address - to avoid spams

3) Partial disclosure of last 4 digits and alphabet checksum in NRIC -
this is to allow the affected individuals to quietly identify themselves

4) Partial disclosure of day and month in date of birth - again, this is
to allow the affected individuals to quietly identify themselves

The above refinements are on top of the existing restrictions such as no
names, no home address and no URL.

If you feel that there is more to be done to protect the public, feel
free to voice it out.

This portal - www.infothatmatter.org - was created for you to have a voice.
So do let us hear you. :-)


Onn Chee

More information about the Owasp-singapore mailing list