lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20050311083258.GB23819@DAPCVA.da>
From: var at deny-all.com (Vincent Archer)
Subject: Publishing exploit code ruled illegal in France?

On Thu, Mar 10, 2005 at 09:59:35AM -0700, Burnes, James wrote:
> So, in France, which of the following statements are true?
> 
> 1. You must literally own the software in question before reverse
> engineering it?  A normal user license is not good enough.  In other
> words, only Microsoft may reverse engineer its own software.  Pointless,
> but whatever...
> 
> 2. You may reverse engineer a copy that you have licensed.
> 
> 3. You may reverse engineer a copy that a license owner has given you
> permission to examine.
> 
> 4. You must have formal permission of a license owner in hand and
> notarized before you may examine such a piece of software.

That would be statement 2. 3 is probably also arguable in court, if the
license owner has formally contracted you (or is just your employer) to do
the reverse engineering on his behalf.

The reverse engineering is allowable thru exeptions to the general rules
protecting IP and trade secrets. The main one is that you're allowed to
reverse engineer software for interoperability purposes (i.e., you're
allowed to dissect Windows to find out the undocumented APIs that you
could use in your programs. Or to find out how the firewall work, so
you can control it or supplement it).

Reverse engineering and publishing your findings is not automatic. That's
where consumer protection laws start to interfere with IP, and that's
where lawyers start earning their fees.

At least, it's not DMCA.

-- 
Vincent ARCHER
varcher@...yall.com

Tel : +33 (0)1 40 07 47 14
Fax : +33 (0)1 40 07 47 27
Deny All - 5, rue Scribe - 75009 Paris - France
www.denyall.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ