Full Disclosure mailing list archives
Re: security industry software license
From: AaRoNg11 <aarong11 () gmail com>
Date: Sat, 11 Oct 2008 09:47:09 +0100
The only thing this would serve to do is cause "cracked" versions of tools such as Metasploit and other security scanners to be put up on sites like the pirate bay. Then, what about if somebody coded their own "security tool"? Would they have to have a license to use it? This whole idea goes against the idea of open source and free software. Sure, let the large corporate vulnerability scanners do whatever the hell they want with their software, but try telling an open source project that they have to close their source so that the "bad guys" can't get hold of their tools. A licensing system of this size would cost millions, if not billions to implement. This, along with the fact that it would be completely unenforceable when implemented makes it clear that you really haven't thought this through properly. It's like the government springing up and saying you must have a license to own a computer. Virtually every home in every MEDc has a computer already, that was bought before the licensing. There are no records of who owns a computer. Must the government go round to each home and search for a computer? If the owner hasn't got a license what do they do? Remove the computer? Sorry for this crappy metaphor, but it's something of a simillar scale and it's all I could think of to represent the absurdity of the idea. On Fri, Oct 10, 2008 at 2:31 AM, n3td3v <xploitable () gmail com> wrote:
there should be a central license that people apply for to use software like metasploit. all the *respected* programmers would require the license before you get to download. anyone can apply for a licence, however only those who meet the criteria get given the licence. background checks are done on you to see you are who you say you are. that you're not a cyber criminal or terrorist, and that you're going to be using the software for the intentions of which the product was designed. verbal contracts never hold ground, saying, this software is for testing purposes isn't any guarantee that the bad guys won't use the software. we need a centralised security industry software license scheme so the good guys can take full advantage of the tools made by creators of security software, while shuttering the bad guys out. to rely on a "verbal contract" for security software as a safe guard is no longer enough for the security industry in light of metasploit and other borderline "evil" purpose software. its time that members of the industry work together to form such a scheme, to insure a streamline programme that all the good guys can be part of, only letting the good guys use the software for good purposes. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- Aaron Goulden
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- security industry software license n3td3v (Oct 09)
- Re: security industry software license Valdis . Kletnieks (Oct 09)
- Re: security industry software license n3td3v (Oct 10)
- Re: security industry software license Michael Simpson (Oct 10)
- Re: security industry software license n3td3v (Oct 10)
- Re: security industry software license n3td3v (Oct 10)
- Re: security industry software license Valdis . Kletnieks (Oct 09)
- Re: security industry software license Freeman Y. (Oct 10)
- Re: security industry software license AaRoNg11 (Oct 11)
- Re: security industry software license n3td3v (Oct 11)
- Re: security industry software license Ureleet (Oct 11)
- Re: security industry software license AaRoNg11 (Oct 11)
- Re: security industry software license n3td3v (Oct 11)
- Re: security industry software license Pavel Kankovsky (Oct 12)
- Re: security industry software license n3td3v (Oct 12)
- Re: security industry software license vulcanius (Oct 12)
- Re: security industry software license n3td3v (Oct 12)
- Re: security industry software license Michael Simpson (Oct 13)
- Re: security industry software license n3td3v (Oct 13)
- Re: security industry software license n3td3v (Oct 13)
- Re: security industry software license n3td3v (Oct 12)