- From: Giles Hogben <giles.hogben@jrc.it>
- Date: Tue, 16 Oct 2001 09:12:18 +0200
- To: "p3pdev" <www-p3p-dev@w3.org>
- Cc: "Tom Jackson" <tom.jackson@jrc.it>, "Bob Thibadeau" <rht@cs.cmu.edu>
I have a question for the group. I know it's too late for the existing spec, but has the working group thought about including tags which make statements about the measures the company takes to secure the data once it is on their servers: For example <DATASECURITY><portscanlogs/><penetrationtesting tool="iss" interval="yearly" description="We use iss vulnerability scanner to test for vulnerabilities"/></DATASECURITY> I have just been on a course in penetration testing (for strictly professional purposes!) and this made me realise that this is quite a big issue in the data collection cycle, not only in real terms but also in terms of consumer perception. Giles Hogben
Received on Tuesday, 16 October 2001 03:11:06 UTC