2008-02-26
Full disclosure has a long tradition in the security community worldwide, yet different European countries have different views on the legality of vulnerability research. SecurityFocus contributor Federico Biancuzzi investigates the subject of full disclosure and the law by interviewing lawyers from twelve EU countries: Belgium, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Poland, Romania, and the UK.

"There is perhaps one further aspect of the law to consider: the means by which the security flaw was uncovered. The Council of Europe Cybercrime Treaty (to which the USA is a signatory), includes provisions against the use of "anti-hacking" tools"
I don't understand this. I would have thought that the treaty would have provisions against "hacking" tools, not "anti-hacking tools".
If this is actually correct could you (a) elaborate on what an anti-hacking tool, as defined by UK law, actually is, and (b) explain the logic behind why it may be illegal to publicize a vulnerability obtained from using a tool intended to maintain security rather than break it? I would have thought it would be the exact opposite.
many thanks
Link to this comment: http://www.securityfocus.com/comments/columns/466/34963#34963