Re: [ISN] France puts a damper on flaw hunting

From: InfoSec News (isn@private)
Date: Fri Mar 11 2005 - 02:05:46 PST

Forwarded from: security curmudgeon <jericho@private>

: By Munir Kotadia 
: Special to CNET
: March 9, 2005
: Researchers who reverse-engineer software to discover programming flaws 
: can no longer legally publish their findings in France, after a court 
: fined a security expert on Tuesday.
: In 2001, French security researcher Guillaume Tena found a number of 
: vulnerabilities in the Viguard antivirus software published by Tegam 
: International. Tena, who at the time was known by his pseudonym 
: Guillermito, published his research online in March 2002.
: On Tuesday, the French court ruled that Tena should not be imprisoned 
: but gave him a suspended fine of 5,000 euros. This means that he only 
: has to pay the fine if he publishes more information on security 
: vulnerabilities in software.

According to reports on other lists, by people who apparently read and
speak French better than most American journalists, the court ruling
is not about him reverse engineering software and publishing bugs so
much as the fact he did it on unlicensed copies of the software. If
that is the case, this ruling is more about using pirated software for
security research than posting vulnerability information.

Would be nice if some of the French speaking list members could
translate the court ruling and help clear this up.

Bellua Cyber Security Asia 2005 -

This archive was generated by hypermail 2.1.3 : Fri Mar 11 2005 - 03:13:32 PST