Message-ID: <2abd77e70810110147j3a120e60h79c896b3ecbec13d@mail.gmail.com>
Date: Sat, 11 Oct 2008 09:47:09 +0100
From: AaRoNg11 <aarong11@...il.com>
To: n3td3v <xploitable@...il.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: security industry software license
The only thing this would serve to do is cause "cracked" versions of tools
such as Metasploit and other security scanners to be put up on sites like
the pirate bay. Then, what about if somebody coded their own "security
tool"? Would they have to have a license to use it?

This whole idea goes against the idea of open source and free software.
Sure, let the large corporate vulnerability scanners do whatever the hell
they want with their software, but try telling an open source project that
they have to close their source so that the "bad guys" can't get hold of
their tools.

A licensing system of this size would cost millions, if not billions to
implement. This, along with the fact that it would be completely
unenforceable when implemented makes it clear that you really haven't
thought this through properly. It's like the government springing up and
saying you must have a license to own a computer. Virtually every home in
every MEDC has a computer already, that was bought before the licensing.
There are no records of who owns a computer. Must the government go round to
each home and search for a computer? If the owner hasn't got a license what
do they do? Remove the computer? Sorry for this crappy metaphor, but it's
something of a similar scale and it's all I could think of to represent the
absurdity of the idea.

On Fri, Oct 10, 2008 at 2:31 AM, n3td3v <xploitable@...il.com> wrote:
> there should be a central license that people apply for to use
> software like metasploit.
>
> all the *respected* programmers would require the license before you
> get to download.
>
> anyone can apply for a licence, however only those who meet the
> criteria get given the licence.
>
> background checks are done on you to see you are who you say you are.
>
> that you're not a cyber criminal or terrorist, and that you're going
> to be using the software for the intentions of which the product was
> designed.
>
> verbal contracts never hold ground, saying, this software is for
> testing purposes isn't any guarantee that the bad guys won't use the
> software.
>
> we need a centralised security industry software license scheme so the
> good guys can take full advantage of the tools made by creators of
> security software, while shuttering the bad guys out.
>
> to rely on a "verbal contract" for security software as a safe guard
> is no longer enough for the security industry in light of metasploit
> and other borderline "evil" purpose software.
>
> it's time that members of the industry work together to form such a
> scheme, to insure a streamline programme that all the good guys can be
> part of, only letting the good guys use the software for good
> purposes.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
Aaron Goulden