• Home

Posts Tagged ‘Hope’

SBA chief says administration is asking Congress to extend loan guarantees

PostDateIcon February 9th, 2010

Small Business Administration (SBA) Administrator Karen Mills was in San Antonio Monday to discuss ways both the agency and the Obama administration are working on to further encourage lending to small businesses.

Mills spoke at the annual International Franchise Association convention.

These efforts, Mills says, include asking Congress for additional funding for its loan programs.

In February of 2009, the SBA received $730 million in federal stimulus funding as part of the American Recovery and Reinvestment Act. However, this wasn’t enough to meet the loan demand and in December, the SBA received an additional $125 million from Congress.

“We immediately were able to get that out as well. (But) it will run out at the end of this month,” Mills says, adding that the president has asked Congress for another extension in funding.

SBA spokesman Jonathan Swain says the president called for extending the recovery act provisions for the SBA’s 7a and 504 Certified Development Company loan programs through Sept. 30, 2010. The House passed legislation that would do so and it included $323 million to fund the extension. The U.S. Senate has not yet acted on the proposal.

“We are continuing to discuss it with the Senate and are hopeful we will see the extension move forward soon,” Swain says.

If granted, Mills says, the additional funds will be used to increase the loan limit for its 7(a) and 504 loan programs from $2 million to $5 million. Mills says about 10 percent or 12 percent of the loans made with recovery funds have gone to franchisees. Many of these franchisees, she says, have expressed the need for larger loan limits in order to purchase buildings or to make acquisitions.

“So, we’ve proposed to Congress that we increase these loans,” she says.

Other things the SBA is looking to do is extend the 90 percent guarantee on its 7(a) loan program.

The Recovery Act, among other things, temporarily raised the guarantee on the 7(a) loan program up to 90 percent through the end of the calendar year 2009, or until funds set aside for the program were exhausted.

Prior to the enactment of the law, the guarantee on the 7(a) loan program was between 75 percent and 85 percent.

The act also temporarily eliminated fees for borrowers on the 7(a) loans as well as fees for both borrowers and lenders on the 504 loans through the end of the year or until funding for the enhanced programs are exhausted.

The 504 CDC loans are principally used for land, new building construction, acquisition and rehab of existing buildings, long-term machinery and equipment purchases, and debt refinancing.

Interestingly, Mills says, the agency is also seeking to use its 504 loan program to refinance owner-occupied commercial real estate mortgages.

Mills says that in this present economic environment, in an effort to get commercial mortgages off their books, some banks may be unwilling to renew commercial real estate mortgages even if the owners have never missed a payment.

Using the 504 loan program in this capacity temporarily, she says, could benefit these business owners.

Mills says the agency has been meeting with small and large banks as well as small businesses and community leaders around the country to develop the measures that it is seeking from Congress. And, she says she believes these measures are ones that will be easy to implement.

“We can do those things quickly within the programmatic structure that we already have (in place) at very cost-effective rates,” she says.

PostCategoryIcon Posted in Corporate | PostTagIcon Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | PostCommentsIcon Comments Closed

Microsoft, Google split over browser bug bounty

PostDateIcon February 9th, 2010

To entice security researchers to look for holes in the Chrome browser, Google has announced it will pay $500 for bugs found in the code. But several experts say that’s not enough money to motivate skilled vulnerability researchers.

“I think it’s ridiculous,” Charlie Miller, a senior security researcher at Independent Security Evaluators, said when asked Monday for his opinion of Google’s new bug bounty program. “It’s insulting. It’s so low.”

Under Google’s new “experimental” incentive program announced last week people will get paid $500 for select interesting and original security vulnerabilities discovered in Chrome, or $1,337 for particularly severe or clever bugs. That figure refers to the geek term for elite, or “leet,” which can be spelled out using the numbers.

Mozilla pays $500 to researchers who find valid security bugs in the Firefox browser, the Thunderbird e-mail client or the Mozilla suite.

You would think Google would be roundly praised for offering to pay researchers for work they often do for free. But not everyone is impressed.

“It’s probably better to pay professional QA [quality assurance] people and pen [penetration] testers than to expect the public to do your testing for you on the cheap,” said Gary McGraw, chief technology officer at Cigital and a specialist in secure code writing processes. “No excellent professional tester I know would be attracted by a bounty like that–perhaps adolescents would do it for beer money (or rather red bull and vodka money).”

Miller’s criticism might be particularly stinging, given that he announced a campaign called “No More Free Bugs,” about a year ago. He argued that vendors should pay when outside researchers discover vulnerabilities in their commercial software instead of freeloading on the efforts of volunteer bug hunters whose work ends up making the products safer.

“In some senses this is my dream come true,” Miller said. “I’ve been begging vendors for this. And then when it happens I’m bitter and critical,” because it’s so much lower than what researchers can make from bounty programs at VeriSign iDefense’s Vulnerability Contributor Program and the Zero Day Initiative run by 3Com’s TippingPoint.

“If I did find a bug in Chrome, I could sell it to the Zero Day Initiative and make $2,000 and it still gets reported to Google eventually, so why would I give it to Google for $500? It doesn’t make sense,” he said.

Pedram Amini, who runs the Zero Day Initiative, wouldn’t say how much the program pays for bugs but said “on average it’s over 10 times what Google’s offering.”

“Google is the first huge company to create a bug bounty. I’m happy they’re doing it. It’s a step in the right direction,” he said. “But pricing-wise, they’re not going to be able to compete with other bug bounty programs.”

Granted, it might be easier to find bugs in beta software, than in products that have been released to the public, which the Zero Day Initiative focuses on, according to Amini. And it’s wise for Google to do something to attract the attention of researchers to its browser, which is much newer and has fewer users than the other major browsers, he said.

“I think there is going to be a subset of people who will use the Google program,” he said. “One thing that is certain–vulnerabilities do have value.”

Google’s pay scheme is at the low end of what iDefense pays, according to Rick Howard, director of iDefense Intelligence.

“Google has always shown that it is willing to take on large and complex projects for which it has no past experience and make a success of it. I see no reason why they should not succeed in this one,” Howard said.

Jeremiah Grossman, chief technology officer and co-founder of WhiteHat Security, said Google’s plan could be the start of an interesting trend.

“If a researcher is purely interested in the dollar reward, then by all means he should go where the dollar is highest. But if you happen to find one because it’s fun and interesting to you, then you’ll get paid too,” he said. “I’ve been suggesting Microsoft should do this for a long time but they have a moral issue with it.” Microsoft is sticking with its no-bounty stance.

“Microsoft does not offer compensation for information regarding security vulnerabilities. We do not believe that offering compensation for vulnerability information is the best way we can help protect our customers,” said Dave Forstrom, group manager of Microsoft Trustworthy Computing. “We also do not think it fosters the growth of a healthy ecosystem.”

Last July, Google paid more than $8,000 to a team of researchers that won a Native Client Security Contest.

Asked to comment on complaints that $500 is too little compensation for bug hunters, Chris Evans of the Google Security Team wrote in an e-mail: “We took care to design the program to allow for a wide variety of bugs to qualify for payment and to make it easier for researchers to participate–for example, we don’t necessarily need a working exploit (which is often much more difficult than finding a bug) and we’re interested in bugs even if they manifest within the Chromium sandbox.”

Chromium is the open-source project for Google’s Chrome browser and unreleased Chrome operating system. Evans said it was too early to say whether Chrome OS would be included in the bounty program after it launches.

“Chromium has already benefited from collaboration with security researchers, and we expect they will continue to scrutinize the Chromium code and help us improve it regardless of any action we take,” he said. “To them, this reward can be seen as a token of appreciation. To others, we hope the addition of a reward may encourage new people to participate beyond how they might have otherwise.”

PostCategoryIcon Posted in Corporate | PostTagIcon Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | PostCommentsIcon Comments Closed

Standards of Business Conduct, Values, and Global Information Security Policy

PostDateIcon February 9th, 2010

Corporate Standard of Business Conduct

Introduction

This Corporate Standard of Business Conduct (this “Standard”) declares the company’s compliance with legal requirements and states general standard of business conduct. It summarizes the high-level principles and business practices that express the company’s commitment to the public at large. This Standard applies to the company and its subsidiaries and affiliates. This Standard is not intended to cover every situation directors, officers or employees of the company may face, nor does it replace other more detailed policies adopted by the company and its subsidiaries and affiliates.

ACCESS is a global company, and its business operations are subject to the laws of different countries. Cultural differences or local laws and customs may require a different interpretation of this Standard. If this situation arises, the Legal Division of ACCESS Co., Ltd. or the legal department of its subsidiaries and affiliates are to be consulted before any action is taken.

The company is committed to continually reviewing and updating its policies and procedures. This Standard, therefore, is subject to modification. This Standard supersedes all other such codes, policies, procedures, instructions, practices, rules or written or verbal representation to the extent that they are inconsistent.

This Standard is not intended to and does not create an employment contract, and does not create any contractual rights between ACCESS and its officers or employees or create any express or implied promise for specific treatment in specific situations. Each officer’s or employee’s employment relationship with ACCESS can be terminated at any time for any reason with or without cause unless the applicable laws or a written contract signed by a representative of ACCESS authorized to enter into such an employment agreement provide otherwise.

1. Honest Business Operations
ACCESS will comply with all applicable laws and regulations, and carry out its business operations with integrity and honesty, in accordance with common sense and prudent business practices. Ethical business conduct is critical to our business.

2. Customer Satisfaction
ACCESS will always strive to lead the industry and provide high quality products and services that would give customers and users positive surprise, excitement and a good impression.

3. Respect of Intellectual Property Rights
ACCESS will protect the works and achievements created by research and development activities, through intellectual property rights, and will utilize those works and rights actively. ACCESS will also use reasonable efforts not to infringe upon intellectual property rights of others.

4. Management of Personal Information and Customer Information
ACCESS will receive personal information and customer information only to the extent necessary to carry out business operations, and will use them for the purposes contemplated, and in accordance with applicable laws, paying sufficient attention to protection of privacy. Also, ACCESS will use reasonable efforts to manage properly the personal information and customer information so stored and to avoid unauthorized release or misappropriation of such information.

5. Disclosure
ACCESS will disclose necessary and sufficient information in accordance with applicable laws and regulations, in order to make sure that ACCESS’ financial conditions and results of operations will be appropriately assessed and understood.

6. Global Businesses
ACCESS will carry out global businesses in a manner that respects local customs and cultures, and will use reasonable efforts to contribute to the social and economic development of each community.

7. Confrontation with Anti-social Powers
As a good corporate citizen, ACCESS will, firmly without any compromise, confront with anti-social, violent powers and groups (e.g., gangsters; yakuza) that are willing to threaten social orders and safety of communities.

8. Discovery of Issues and Prompt Measures
ACCESS will establish appropriate internal systems and structures for corporate governance, in order to grasp internal issues in a timely manner and to promptly take precautionary actions against them. Should there be any problem during the ordinary course of business, ACCESS will cope with such problems, properly and promptly, and initiate any necessary corrective measures with all due speed.

9. Social Contribution
ACCESS will commit itself to active contributions to societies/communities, and will support the employees’ voluntary participation to social activities.

10. Opportunities to Enhance Individual Capabilities
ACCESS will provide opportunities to the employees that want to work hard or to enhance or expand their own capabilities, while respecting diversity, individual character, and the personality of each employee.

11. Arrangement of Better Work Environment
ACCESS will create and maintain comfortable work environments, paying attention to workplace safety as well as focusing on comfort, orderly arrangements and cleanliness.

12. Protection of Environment
In view of international environment standards, ACCESS will use reasonable efforts to accomplish resource-saving, energy-saving, recycling and environmental preservation.

ACCESS’ Values

1. Trust, Credibility, Integrity
We conduct ourselves with uncompromising honesty and integrity. We comply with laws, regulations and other rules; establish good corporate ethics; and take all actions in accordance with our own high standards and conscience.

2. Vision, Dream, Hope
Bearing the mid- and long-term visions and dreams in mind, we make best efforts to attain them.

3. Change, Innovation, Leadership
We always pay attention to changing social and economic conditions, whereby we try to reform ourselves continuously and to be a leader in the industry.

4. Respect
We treat others with respect and fairness.

5. Customer Satisfaction
We understand that our success depends on our customers and we commit to serving them every day. We always consider and behave, giving the first priority to customer satisfaction.

6. Performance, Achievement
We assess individual employees based only on their results and achievements including process management. Each individual is provided the opportunity to accept additional challenges and responsibilities commensurate with the individual’s capability, competency and initiative, and our corporate business goals.

7. Excellence in Execution
We are passionately committed to excellence. We strive for excellence in everything we do by setting aggressive goals, being accountable for our actions, and exhibiting positive leadership.

8. Quality, Cost, Speed.
We provide high quality products and services, at reasonable prices, in a timely manner, and make decisions without delay.

9. Teamwork
We value teamwork and help each other to succeed. We make the best use of the capabilities of individual employees, and create, through mutual cooperation, a work environment suitable for the entire company or group.

10. Professionalism
We foster creative and innovative leadership in all aspects of our business. We develop specialty, skills, communication ability higher than what our customers or partners expect from us.

ACCESS Global Information Security Policy

ACCESS Co., Ltd. and its affiliates (collectively, the “ACCESS Group”) aim to become an innovative leader in providing software, solutions and services to customers to enable beneficial changes in society through the use of ACCESS technologies. For the purpose of achieving these goals, the ACCESS Group possesses valuable information assets of its own and of its customers. In order to achieve more effective operations and higher customer satisfaction, the ACCESS Group must safeguard such information from improper disclosure or misuse. This Policy is to further such goals.

The ACCESS Group handles software source code and technical information derived from research and development activities; business and technical information received from customers; personal information about employees and end-users for certain services; and other valuable and confidential information. Under various laws and contractual agreements, ACCESS must takes steps to prevent any improper release or dissemination of such information. The purpose of this Policy is to institute high-level policy and procedures to accomplish the protection of such information.

Therefore, the ACCESS Group hereby declares that information security is an important strategy in achieving its goals and enacts its fundamental information security policy, as described below, and will continue to work towards secure and proper possession, utilization and administration of information assets.

The ACCESS Group is committed to continually reviewing and updating its policies and procedures. This Policy, therefore, is subject to modification. This Policy supersedes all other ACCESS Group codes, policies, procedures, instructions, practices, rules or written or verbal representation to the extent that they are inconsistent.

1. Information Security Organization
The ACCESS Group will establish an Information Security Committee with the Chief Information Officer as its head. The Information Security Committee will study, plan and implement measures for information security. The Information Security Committee will be responsible for setting internal standards, rules and procedures.

2. Applicability
The information that is subject to this Policy includes, without limitation, all information, data, materials, and software programs, whether in writing, electronic or other format that are owned by the ACCESS Group, or under the control of the ACCESS Group and belonging to any employee, agent, customers, or business partner of the ACCESS Group. All ACCESS Group employees, whether full or part-time, contractors, officers, directors or any other agent or representative who has access to or is making use of any confidential information on behalf of the ACCESS Group, is subject to this Policy.

3. Administration and Safeguarding of Information Assets
The Information Security Committee will determine a mechanism for the classification of all information assets in the possession or under the control of the ACCESS Group. For each classification level, the Information Security Committee will set out guidelines for control measures for handling confidential and proprietary information. The classification will take into account levels of importance and risk. The Information Security Committee will apply, as necessary, regional changes to this Policy, or any procedures or measures arising from this Policy, to account for local laws, customs and practices.

4. Education and Training
The ACCESS Group will continually provide all of its employees with education and training relating to information security. The ACCESS Group will promote an internal corporate culture that values protection of proprietary and confidential information and the respect for the confidential and proprietary information of customers, employees and business partners.

5. Observance of Laws and Regulations
In each geographic region in which the ACCESS Group operates, there are laws, regulations, orders, and other rules imposed by governmental or regulatory bodies with regard to the handling of information (collectively, “Laws”). The ACCESS Group is committed to complying with the Laws in countries in which it operates and the Information Security Committee will take steps to identify relevant Laws for each region and modify this Policy or any procedures or rules for that region to ensure compliance.

6. Information Security Incidents
The Information Security Committee will establish a general response plan in the event of a breach of security. Should an information security incident occur, the ACCESS Group will promptly respond to the incident to prevent the increase of damage. Subsequently, the Information Security Committee will review and evaluate the incident and propose any necessary policy or procedural changes to avoid a repeat of the incident.

7. Penalties and Enforcement
Non-compliance with or a breach of any of the provisions of this Policies or any of the procedures implemented to ensure compliance with the goals of this Policy may result in action by the ACCESS Group up to and including termination of any employee, whether full or part-time, contractors, officers, directors or any other agent, and as determined by officers or directors of the ACCESS Group, may include legal action for any damages arising from the gross negligence or willful misconduct of any employee, contractor, officer, director or any other agent.

PostCategoryIcon Posted in Corporate | PostTagIcon Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | PostCommentsIcon Comments Closed
Recent Posts
best links
virtual data room
http://www.datasite.com - Merrill DataSite is the most secure virtual data room solution that helps speed up the due diligence in business mergers, acquisitions, venture capital, fund raising, IPO exit strategies, succession plan.
Wellogic


    • Designed by Copyright © 2010 Expansion Technology Corporate. All Rights Reserved.