After article 323-3 of the penal code, it is inserted article 323-3-1 thus
written:
"Art. 323-3-1. - The fact of offering, of yielding or of placing at the
disposal a data-processing program conceived to commit the offences
envisaged by articles 323-1 to 323-3 is punished sorrows planned for the
infringement itself or the infringement most severely repressed "
Sure looks like the penalty for publishing an exploit tool will be equivalent to using the tool to commit a computer crime. I guess there aren't going to be any computer security conferences in France ever again. Will Securityfocus and PacketStorm need to filter French addresses? Will we have to stop selling penetration testing products to French citizens?
From: K-OTiK Security <Special-Alerts (at) k-otik (dot) com [email concealed]>
>The article 323-3-1 of this "Law" will prohibit publication of any vuln. technical details, any proof of concept and any exploit.
Googling and translating the law gives this:
http://www.iris.sgdg.org/actions/lsi/evol/art35.html
After article 323-3 of the penal code, it is inserted article 323-3-1 thus
written:
"Art. 323-3-1. - The fact of offering, of yielding or of placing at the
disposal a data-processing program conceived to commit the offences
envisaged by articles 323-1 to 323-3 is punished sorrows planned for the
infringement itself or the infringement most severely repressed "
Sure looks like the penalty for publishing an exploit tool will be equivalent to using the tool to commit a computer crime. I guess there aren't going to be any computer security conferences in France ever again. Will Securityfocus and PacketStorm need to filter French addresses? Will we have to stop selling penetration testing products to French citizens?
Cheers,
Chris
[ reply ]