Date: Sun, 6 Apr 2014 02:28:23 -0700
From: coderman <coderman@...il.com>
To: Bryan Bickford <bryan@...wildhats.com>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] Legality of Open Source Tools

On Fri, Apr 4, 2014 at 3:58 AM, Bryan Bickford <bryan@...wildhats.com> wrote:
> ...
> I am a security researcher who is working on a project in my free time,
> without going into details - the project will end with a powerful tool
> being publicly released.

yes, but released under what license? :)



> Obviously most cyber security tools have the potential for abuse. What sort
> of legal hurdles (if any) do you need to overcome to protect yourself when
> releasing software along the lines of metasploit?

you'll be asked to sell your time consulting on said tool.  so get
your corporate finance and tax legal hurdles settled first of all.

next, during some consignment work, you'll find a particularly
awesome/nasty/impressive/scary sploit and want to present or sell it.
you should expect arguments over your time as hourly consulting
service vs. your time as work for hire under third party ownership,
and so insulate your contracts with customers as another legal hurdle
with these considerations in mind.

last but not least, non-disclosure agreements and trade secrets will
come into play under some engagements. be sure you legally cover your
own ass in any such terms you agree to.

assuming your tool of pwnage continues to be increasingly successful,
expect all the entrepreneurial legal concerns to show their ugly
heads, and allocate legal budget and expertise accordingly.


... hopefully you don't have to deal with an overly aggressive
attorney pushing absurd criminal charges for open source code repos on
github[0].  that's a whole other kind of legal ass covering of which i
am not even sure how to recommend you position yourself in your
multiple jurisdictions of concern....  good luck!



0. open source SCADA scanner == felony hacker charges [citation needed]
  some SCADA scanning tool released as open source led to some total
insanity.  too lazy to cite sources this moment, but plenty of other
absurdity abounds.



last consideration: is limited disclosure the better course?  save it
for DEF CON (the parties not the conference) before you burn it if
really fun for all ages
 :P

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/