[ISN] France puts a damper on flaw hunting

InfoSec News isn at c4i.org
Fri Mar 11 05:05:46 EST 2005


Forwarded from: security curmudgeon <jericho at attrition.org>

: http://news.com.com/France+puts+a+damper+on+flaw+hunting/2100-7350_3-5606306.html
: 
: By Munir Kotadia 
: Special to CNET News.com
: March 9, 2005
: 
: Researchers who reverse-engineer software to discover programming flaws 
: can no longer legally publish their findings in France, after a court 
: fined a security expert on Tuesday.
:
: In 2001, French security researcher Guillaume Tena found a number of 
: vulnerabilities in the Viguard antivirus software published by Tegam 
: International. Tena, who at the time was known by his pseudonym 
: Guillermito, published his research online in March 2002.
: 
: On Tuesday, the French court ruled that Tena should not be imprisoned 
: but gave him a suspended fine of 5,000 euros. This means that he only 
: has to pay the fine if he publishes more information on security 
: vulnerabilities in software.

According to reports on other lists, by people who apparently read and
speak French better than most American journalists, the court ruling
is not about him reverse engineering software and publishing bugs so
much as the fact he did it on unlicensed copies of the software. If
that is the case, this ruling is more about using pirated software for
security research than posting vulnerability information.

Would be nice if some of the French-speaking list members could
translate the court ruling and help clear this up.




