| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 04 Apr 2014 18:29:33 -0400 From: John Young <jya@...eline.com> To: "Brunner, Mark" <Mark.Brunner@...okfield.com>, fulldisclosure@...lists.org Subject: Re: [FD] Legality of Open Source Tools Would you suggest it is time to license security professionals like architects, engineers, doctors and others lawfully empowered to police hazardous systems in the public interest? A code of security industry standards, like building and health codes, might then be needed to assure compliance by requiring preparation and publicly filing security system documents for review by officials and, if satisfactory, issuing a permit to install the systems, then official inspection of them after installation, then periodic inspections thereafter to assure the systems remain safe and secure. Professional liability insurance would be requried to protect the client, along with mandatory continuing education to renew licensure. Disastrous security failures might then lead to prosecution for malpractice, loss of license, jail, fines and banning to philosophizing about security risks at well-paying conferences, and at the very best, a lucrative position with official or corporate regulators to oversee the security industry, occasional lectures at universities and spy agencies at home and abroad, even lifetime achievement prizes, hell, why not a Nobel. Damn fine idea, this just might put security above used car sales as a profession, at last topping politicians. Btw, is "security architect" a legal use of the term architect? At 03:18 PM 4/4/2014, you wrote: >Real people can die if you move the right >electrons attached to say life support systems >in buildings, water treatment plants, hydro >electric dams, and power stations. Real people >will be affected if you manipulate electrons >associated with banking, investing and finance. > >Mark > > > >Mark Brunner >Security Architect > > >Brookfield Corporate Operations >eArchitecture and Enterprise Information Security >1 Adelaide Street East, Suite 1400, Toronto, ON M5C 2V9 >T 416.649.8206, F 416.649.8245 >Mark.Brunner@...okfield.com > > > >View important disclosures and information about >our e-mail policies http://www.brookfield.com/emaildisclaimer. > >-----Original Message----- >From: Fulldisclosure >[mailto:fulldisclosure-bounces@...lists.org] On Behalf Of Andres Riancho >Sent: Friday, April 04, 2014 2:57 PM >To: Not EcksKaySeeDee >Cc: fulldisclosure@...lists.org >Subject: Re: [FD] Legality of Open Source Tools > >Software is SO different to a gun... you can't really compare them. >Real people will die in most cases when a gun is >misused, only electrons are disturbed (in the >great majority of cases) if you misuse a hacking tool. > >On Fri, Apr 4, 2014 at 3:50 PM, Not >EcksKaySeeDee <noteckskayseedee@...il.com> wrote: > > Re: Use of a disclaimer on these sort of tools (i.e., those that can > > harm and/or be used for good). > > > > Wonder if any gun dealer applied something similar in their shop, or > > for that matter, in a hardware store under the hammer section. > > > > > > On Fri, Apr 4, 2014 at 2:29 PM, Andres Riancho > > <andres.riancho@...il.com> > > wrote: > >> > >> Hi. As w3af's project leader I've not received any legal threats over > >> the seven years this project has been alive. > >> > >> Only a couple of months ago, and just to be sure, I added this > >> disclaimer which users need to accept to run the tool. > >> > >> DISCLAIMER = """Usage of w3af for sending any traffic to a target > >> without prior mutual consent is illegal. It is the end user's > >> responsibility to obey all applicable local, state and federal laws. > >> Developers assume no liability and are not responsible for any > >> misuse or damage caused by this program.""" > >> > >> On Fri, Apr 4, 2014 at 7:58 AM, Bryan Bickford > >> <bryan@...wildhats.com> > >> wrote: > >> > Greetings > >> > > >> > I am a security researcher who is working on a project in my free > >> > time, without going into details - the project will end with a > >> > powerful tool being publicly released. > >> > > >> > Obviously most cyber security tools have the potential for abuse. > >> > What sort of legal hurdles (if any) do you need to overcome to > >> > protect yourself when releasing software along the lines of > >> > metasploit? > >> > > >> > _______________________________________________ > >> > Sent through the Full Disclosure mailing list > >> > http://nmap.org/mailman/listinfo/fulldisclosure > >> > Web Archives & RSS: http://seclists.org/fulldisclosure/ > >> > >> > >> > >> -- > >> Andrés Riancho > >> Project Leader at w3af - http://w3af.org/ Web Application Attack and > >> Audit Framework > >> Twitter: @w3af > >> GPG: 0x93C344F3 > >> > >> _______________________________________________ > >> Sent through the Full Disclosure mailing list > >> http://nmap.org/mailman/listinfo/fulldisclosure > >> Web Archives & RSS: http://seclists.org/fulldisclosure/ > > > > > > > >-- >Andrés Riancho >Project Leader at w3af - http://w3af.org/ Web >Application Attack and Audit Framework >Twitter: @w3af >GPG: 0x93C344F3 > >_______________________________________________ >Sent through the Full Disclosure mailing list >http://nmap.org/mailman/listinfo/fulldisclosure >Web Archives & RSS: http://seclists.org/fulldisclosure/ > >_______________________________________________ >Sent through the Full Disclosure mailing list >http://nmap.org/mailman/listinfo/fulldisclosure >Web Archives & RSS: http://seclists.org/fulldisclosure/ _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists