| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <422F0AEE.4010100@nolog.org> From: sec-list at nolog.org (sec-list@...og.org) Subject: Publishing exploit code ruled illegal in France? Hi, in France some strange things happen: http://www.zdnet.com.au/news/security/0,2000061744,39183862,00.htm ---8<--- Publishing exploit code ruled illegal in France? By Munir Kotadia, ZDNet Australia 09 March 2005 Researchers that reverse engineer software to discover programming flaws can no longer legally publish their findings in France after a court fined a security expert on Tuesday. In 2001, French security researcher Guillaume Tena found a number of vulnerabilities in the Viguard antivirus software published by Tegam. Tena, who at the time was known by his pseudonym Guillermito, published his research online in March 2002. However, Tena's actions were not viewed kindly by Tegam, who initiated legal action against the researcher. That action resulted in a case being brought to trial at a Court in Paris, France. The prosecution claimed that Tena violated article 335.2 of the code of intellectual property and was asking for a four month jail term and a 6,000 euro fine. On Tuesday, the French court ruled that Tena should not be imprisoned but gave him a suspended fine of 5,000 euros. This means he only has to pay the fine if he publishes more information on security vulnerabilities in software. Chaouki Bekrar, a security consultant and co-founder of French Web site K-Otik, which is known for regularly publishing exploit codes, told ZDNet Australia that although it is good news that Tena did not have to go to jail, the ruling is very bad news for the security research industry in France. "This seems to be a good news but that is not the case. Publishing a security vulnerability or a proof of concept using reverse engineering or disassembly is now illegal in France -- how can a researcher publish a vulnerability if he can't study the software's structure?" said Bekrar. On his Web site, Tena argued that if independent researchers were not allowed to freely publish their findings about security software then users would only have "marketing press releases" to assess the quality of the software. "Unfortunately, it seems that we are heading this way in France and maybe in Europe," Tena said. Tegam is also proceeding with a civil case against Tena and asking for 900,000 euros in damages. ---8<--- GTi
Powered by blists - more mailing lists