lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 4 Apr 2014 15:29:46 -0300
From: Andres Riancho <andres.riancho@...il.com>
To: Bryan Bickford <bryan@...wildhats.com>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] Legality of Open Source Tools

Hi. As w3af's project leader I've not received any legal threats over
the seven years this project has been alive.

Only a couple of months ago, and just to be sure, I added this
disclaimer which users need to accept to run the tool.

DISCLAIMER = """Usage of w3af for sending any traffic to a target
 without prior mutual consent is illegal. It is the end user's responsibility to
 obey all applicable local, state and federal laws. Developers assume
no liability
 and are not responsible for any misuse or damage caused by this program."""

On Fri, Apr 4, 2014 at 7:58 AM, Bryan Bickford <bryan@...wildhats.com> wrote:
> Greetings
>
> I am a security researcher who is working on a project in my free time,
> without going into details - the project will end with a powerful tool
> being publicly released.
>
> Obviously most cyber security tools have the potential for abuse. What sort
> of legal hurdles (if any) do you need to overcome to protect yourself when
> releasing software along the lines of metasploit?
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ