The Laws of Full Disclosure
Federico Biancuzzi, 2008-02-26

Full disclosure has a long tradition in the security community worldwide, yet different European countries have different views on the legality of vulnerability research. SecurityFocus contributor Federico Biancuzzi investigates the subject of full disclosure and the law by interviewing lawyers from twelve EU countries: Belgium, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Poland, Romania, and the UK.

Request for clarification of answer from UK contributor 2008-02-28
Anonymous (1 reply)
Hi, Peter Sommer's answer states:

"There is perhaps one further aspect of the law to consider: the means by which the security flaw was uncovered. The Council of Europe Cybercrime Treaty (to which the USA is a signatory), includes provisions against the use of "anti-hacking" tools"

I don't unde...

Re: Request for clarification of answer from UK contributor 2008-03-06
Anonymous
From his answer you can see that there are no UK laws that cover this. At least not yet.

About the "anti-hacking" tools, I think he (and the CoE) refers to tools used to hack, but that could also be used to audit a network. Classic example is nmap.

In other words, if you declare that you found...

Steps to Minimize Risk 2008-03-17
Benjamin Wright
Computer crime laws are relatively new and untested. The question whether a researcher's actions constitute hacking, infringement or the endangerment of others is often complex. I argue responsible researchers can take a series of steps to build the case that they are good guys and not bad guys. Thos...

Copyright 2009, SecurityFocus