Penetration Testing mailing list archives
Re: Reverse Engineering - Legality
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 1 Jul 2010 01:52:47 -0400
Hi chintan,
I will do some additional research, I believe that should help.
Also see David Musker's "Protecting & Exploiting Intellectual Property in Electronics." He discusses quite a few rulings, including Sega Enterprises Ltd v. Accolade (OK for Accolade to use 20-25 bytes of a Sega cartridge-based security device) and Atari v. Nintendo (copying for is OK under fair use, but using the Copyright Registry as a cheat sheet infringed). Jeff On Wed, Jun 30, 2010 at 9:14 PM, chintan dave <davechintan () gmail com> wrote:
Thanks for your prompt response Jeffrey. I will do some additional research, I believe that should help. On Wed, Jun 30, 2010 at 5:59 PM, Jeffrey Walton <noloader () gmail com> wrote:Hi Chitan, A few years back, I spoke with an EFF lawyer on RE and interop. He told me that some RE was legal for interop purposes [1]. However, we never spoke in terms of a security assessment. I suppose the next step is to understand the legal points of "doctrines of merger" and "scenes a faire". Jeff [1] "...the courts are willing to allow a limited amount of reverse engineering of copyrighted materials for the purpose of achieving interoperability between computer products as long as the final product does not contain any infringing code. When it does contain such code, it may at times also be excused under the doctrines of merger and scenes a faire if it is necessary to achieve interoperability or functions as a lockout code." On Wed, Jun 30, 2010 at 10:23 AM, chintan dave <davechintan () gmail com> wrote:Hi Experts, I need a small help from you. Is RE legal for security assessments of products purchased from vendors? There has been a bit of confusion around RE topic. I know it is illegal to do RE to steal the idea, however this one, I need feedback from you folks. If you can share some authoritative resources that could confirm on the legality/illegality, it would be great. -- Regards, Chintan Dave, LinkedIn: http://in.linkedin.com/in/chintandave Blog:http://www.chintandave.com ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org -------------------------------------------------------------------------- Regards, Chintan Dave, LinkedIn: http://in.linkedin.com/in/chintandave Blog:http://www.chintandave.com
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Reverse Engineering - Legality Jeffrey Walton (Jul 01)