Message-ID: <2abd77e70810110147j3a120e60h79c896b3ecbec13d@mail.gmail.com>
Date: Sat, 11 Oct 2008 09:47:09 +0100
From: AaRoNg11 <aarong11@...il.com>
To: n3td3v <xploitable@...il.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: security industry software license

The only thing this would serve to do is cause "cracked" versions of tools
such as Metasploit and other security scanners to be put up on sites like
the pirate bay. Then, what about if somebody coded their own "security
tool"? Would they have to have a license to use it?

This whole idea goes against the idea of open source and free software.
Sure, let the large corporate vulnerability scanners do whatever the hell
they want with their software, but try telling an open source project that
they have to close their source so that the "bad guys" can't get hold of
their tools.

A licensing system of this size would cost millions, if not billions to
implement. This, along with the fact that it would be completely
unenforceable when implemented makes it clear that you really haven't
thought this through properly. It's like the government springing up and
saying you must have a license to own a computer. Virtually every home in
every MEDC has a computer already, that was bought before the licensing.
There are no records of who owns a computer. Must the government go round to
each home and search for a computer? If the owner hasn't got a license what
do they do? Remove the computer? Sorry for this crappy metaphor, but it's
something of a similar scale and it's all I could think of to represent the
absurdity of the idea.

On Fri, Oct 10, 2008 at 2:31 AM, n3td3v <xploitable@...il.com> wrote:

> there should be a central license that people apply for to use
> software like metasploit.
>
> all the *respected* programmers would require the license before you
> get to download.
>
> anyone can apply for a licence, however only those who meet the
> criteria get given the licence.
>
> background checks are done on you to see you are who you say you are.
>
> that you're not a cyber criminal or terrorist, and that you're going
> to be using the software for the intentions of which the product was
> designed.
>
> verbal contracts never hold ground, saying, this software is for
> testing purposes isn't any guarantee that the bad guys won't use the
> software.
>
> we need a centralised security industry software license scheme so the
> good guys can take full advantage of the tools made by creators of
> security software, while shuttering the bad guys out.
>
> to rely on a "verbal contract" for security software as a safeguard
> is no longer enough for the security industry in light of metasploit
> and other borderline "evil" purpose software.
>
> it's time that members of the industry work together to form such a
> scheme, to ensure a streamline programme that all the good guys can be
> part of, only letting the good guys use the software for good
> purposes.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
Aaron Goulden
