Forwarded from: security curmudgeon <jericho@private> : http://news.com.com/France+puts+a+damper+on+flaw+hunting/2100-7350_3-5606306.html : : By Munir Kotadia : Special to CNET News.com : March 9, 2005 : : Researchers who reverse-engineer software to discover programming flaws : can no longer legally publish their findings in France, after a court : fined a security expert on Tuesday. : : In 2001, French security researcher Guillaume Tena found a number of : vulnerabilities in the Viguard antivirus software published by Tegam : International. Tena, who at the time was known by his pseudonym : Guillermito, published his research online in March 2002. : : On Tuesday, the French court ruled that Tena should not be imprisoned : but gave him a suspended fine of 5,000 euros. This means that he only : has to pay the fine if he publishes more information on security : vulnerabilities in software. According to reports on other lists, by people who apparently read and speak French better than most American journalists, the court ruling is not about him reverse engineering software and publishing bugs so much as the fact he did it on unlicensed copies of the software. If that is the case, this ruling is more about using pirated software for security research than posting vulnerability information. Would be nice if some of the French speaking list members could translate the court ruling and help clear this up. _________________________________________ Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005
This archive was generated by hypermail 2.1.3 : Fri Mar 11 2005 - 03:13:32 PST