I've got a lot of responses for my original post (seems like I'm not the only one with that problem..) Most of these responses were very informative, so I'll post a short summary. It seems that the law agrees with common sense (or is it the other way around?). It's all about "fair use" of published material. Public security advisories aren't copyrighted against people quoting them, paraphrasing or publishing them in the full ("fair" uses include commentary, criticism, summarization, paraphrasing, and reports). Since the re-publishing of those advisories is done for non-profit, this is no problem. Linking to the original is common courtesy, but not necessary from a legal point of view. I guess the only "bad" use is taking the original advisory and selling it under my own name.. Another question is using the exploit source code that is sometimes included in those advisories. Since this code is published to the public in an aim that it will be used by as many people as possible, it is okay to include it when reporting about the exploit (as long as the code is not altered). So, basically, if you're a good guy then you've got no problem ;-) I also have to mention that I got many messages from people who think some of the advisories are too much about "fame and glory". Though I think it's great that commercial companies share their knowledge with the rest of the community, they are clearly not doing so out of pure philanthropy. Therefore, they can be a little nicer and tone down those disclaimers (though I'm sure their attorneys think differently). While I'm at it, I have to say that till this day I got no reply from ISS or HERT (though the original post was mailed to them also). On the other hand, someone from Microsoft (which is an example of a commercial company that has *no* explicit copyright in their security advisories) immediately contacted me to make sure MS alerts are okay. So, Aleph - since this topic repeats once in a while, I hope this information helps clear out some of the question marks. I won't end with a disclaimer (though I think it's called for), but I think you're all old enough to understand that if you're really not sure whether you can use other people's material or not, you should get a real lawyer. -- ------------------------- Aviram Jenik "Addicted to Chaos" ------------------------- Today's quote: The most important things to do in this world are to get something to eat, somthing to drink and somebody to love you. - Brendan Behan, in "Weekend", 1968
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:37:01 PDT