The Laws of Full Disclosure
Federico Biancuzzi, 2008-02-26

Full disclosure has a long tradition in the security community worldwide, yet different European countries have different views on the legality of vulnerability research. SecurityFocus contributor Federico Biancuzzi investigates the subject of full disclosure and the law by interviewing lawyers from twelve EU countries: Belgium, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Poland, Romania, and the UK.

Request for clarification of answer from UK contributor 2008-02-28
Anonymous (1 replies)
Re: Request for clarification of answer from UK contributor 2008-03-06
Anonymous
From his answer you can see that there are no UK laws that cover this. At least not yet.

About the "anti-hacking" tools, I think he (and the CoE) refers to tools used to hack, but that could also be used to audit a network. Classic example is nmap.

In other words, if you declare that you found a vulnerability using nmap, you might be considered guilty of using "hacking tools", even if you used them for "anti-hacking" purposes.

There were various detailed discussions in Germany when CoE was included in German laws. Phenoelit had to move their site, for example...

Steps to Minimize Risk 2008-03-17
Benjamin Wright
Copyright 2009, SecurityFocus