Full Disclosure mailing list archives
Symantec Buys SecurityFocus, among others....
From: full-disclosure () lists netsys com (Eric Nelson)
Date: Thu, 18 Jul 2002 16:29:35 -0700
What about publishing and copyrighting the exploit? It's more legal ammo to go after whoever uses it for malicious purposes. Of course this doesn't *stop* the use of the exploit (discourages perhaps?), it just increases the penalties when one gets caught using it.

-Eric

On Thu, 18 Jul 2002, Blue Boar wrote:
Perhaps the best way to beat these cash hounds at their own game is to start using a strictly not-for-profit licensing on all released advisories and proof-of-concept code which stipulates that for-profit companies may not use said information in any way.

Interesting concept. How do you propose to copyright an idea?
The idea cannot be copyrighted[1], but the code (which includes the exploit methodology) can be copyrighted with all the cursory terms and conditions for use.
You can decline to let someone mirror your exploit or advisory verbatim, but there's nothing you can do to keep someone from reporting about a vulnerability.
Sure you can...especially under the auspices of the DMCA. Hell, when you get down to it, all we need is one wild-eyed lawyer[2] on our side who'll toss a flurry of lawsuits and we'll pretty much have the corporate security firms by the short-and-curlies.

All kidding aside, I like the notion of encrypting the data and putting stipulations on the decryption. Seems rather like poetic justice to me. Call it the Sklyarov cipher...

-Jay

1. Ideas, names and phrases can be trademarked, however.
2. Maybe one with experience via the Church of Scientology, or the one who brought us McDonald's coffee cups that now read "Allow to cool before applying to genitals"...

"There's always time for a good cup of coffee"
Jay D. Dyson -- jdyson () treachery net
I'll be diplomatic...when I run out of ammo.