Open Source and information security mailing list archives
Date: Fri, 10 Oct 2008 14:38:18 +0100
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: security industry software license

>> there should be a central license that people apply for to use
>> software like metasploit.
>
> You don't want to go there.

let's go there anyway, and if hd moore doesn't comply, we can just
slap some sort of law on the license to make it against the law not to
require that downloaders have the license.

in other words a mandatory license that all security software
programmers must request downloaders show before they can obtain the
software. security software programmers not in compliance with the
license, will be treated as a bad guy... and a felony will have been
committed, where you have allowed your software to knowingly be
available to cyber criminals and terrorists, and have gone against the
interests of national security in which the license is trying to
protect.

let's get some uk/us government backing for this license... everyone
who has successfully been given a security industry software license
will have their details kept on a government database, and their
license reviewed periodically of a time still to be set, n3td3v
recommends licenses should expire every 2 years per user, or every
time your job circumstances change, and after which time your details
are reviewed to check out your circumstances that you're still
eligible for a license.

for those who the government decide are allowed to have a security
industry software license, in some ways, this is *insurance* that you
have applied for in your license, in that if anything bad happens
during your use of *any* security software, you may lose your license
for life, or have points taken away from you, limiting your chances of
being allowed your security industry software license to be renewed.

what does it mean not to have a license? it would pretty much mean the end
of your security professional career, in that, you wouldn't be able to
do the job, without the tools for the job which the government has not
given you permission to use.

* the programmer has to register to the scheme before he/she can make
available security software.

* the user must have a valid security industry software license before
they can download and use the software.

it's like a driving license for security software, now let's get this
implemented real quick.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
