Message-ID: <04May26.085135cest.118783@fd.hif.hu>
From: adam at hif.hu (Adam Szilveszter)
Subject: Re: Cisco's stolen code
Aditya, ALD [Aditya Lalit Deshmukh] wrote:
> Are there any lawyers on the list who can confirm / deny this? Or any other list where I can ask this? This has started to get interesting from the legal point of view!
No specific comments on the USC section cited (because, although it is
often forgotten, not all the world is the USA ;-) but some general
comments on the situation:
As others have already said, the situation is not the same in all legal
systems. In the Anglo-Saxon copyright system, the whole notion of
"copyright" and the exceptions to it are somewhat different from the
Continental European "authors' right" system and the statutory
limitations to it.
While inclined minds might want to dig up precedents for the "fair use"
exception under copyright, and might even argue that it is possible to
break other civil and criminal laws but not infringe on copyright (as if
that made a huge difference... being taken away in handcuffs is
certainly no more fun from knowing that you were not a copyright
infringer...), the situation might be very different under the
continental European system. There a general "fair use" does not exist,
only specific exceptions like the right of citation, the right of
academic use and scientific research and the right to make private
copies. Unfortunately, the latter often does not apply to software at
all, therefore a specific right to make one backup copy has been
established. So, there is no opportunity to copy without explicit
permission - even for private purposes - a piece of software in its
entirety except if you already have a legal copy and make a backup (but
only one is allowed to exist at a time). The right to citation certainly
does not apply here, since that would only allow the famous "these 15
lines" snippets. The right to research would not cover this either,
because that one is also very limited. Distribution, lending etc. in any
form, including simply making it available to others to make copies from
is mostly prohibited as well. Oh and often copyright infringement in
itself is a crime (may depend on the amount of damage caused), so you
are not merely facing civil charges, but possibly some time in prison,
and quite surely the confiscation of all of your equipment as well.
Quite a few computers have made it out the door in this manner
already... no need to exercise your brain to prove a physical "theft" as
someone posted, because this is not it, it's a separate crime. Software
patents will change much in this, although they will create new
opportunities for litigation for sure. The exact details will vary from
one country to the next within continental Europe, but the gist will not.
So, I do suggest to not play with the Cisco code if you are in
continental Europe... there are enough open-source projects out there.
Oh, and another thing. In Europe, the general rule is that it *is*
allowed to test a lawfully obtained piece of software by making various
inputs to it and watching outputs, or by watching how it is run. So if
you vuln researchers use the famous "let's send 2000 A-s to the input and
let's see if it crashes" technique with Perl, and then check the core
with a debugger, you are within the limits of the law, provided that you
used a legal copy ;-) It is even allowed to look for errors and fix them
(e.g. binary patching) but this applies only to the lawful user and even
they are not allowed to distribute e.g. the fixed software (also, the
author may be allowed to exclude this right in a contract). Again, exact
details will vary from country to country, but this means that it is
generally not forbidden to look for vulns in closed-source software for
as long as you do not use pirated copies and do not go too much into
disassembly but merely inspect system memory etc.
Regards:
Sz.