Penetration Testing mailing list archives

Re: Reverse Engineering - Legality


From: Tim <tim-pentest () sentinelchicken org>
Date: Wed, 30 Jun 2010 15:43:42 -0700


[1] "...the courts are willing to allow a limited amount of reverse
engineering of copyrighted materials for the purpose of achieving
interoperability between computer products as long as the final
product does not contain any infringing code. When it does contain
such code, it may at times also be excused under the doctrines of
merger and scenes a faire if it is necessary to achieve
interoperability or functions as a lockout code."


Hi Guys,

*IANAL*

Traditionally, things like EULAs can only be enforced through
copyright.  The software manufacturer is allowing you to use their
copyrighted material provided you are in compliance with their EULA.
Depending on what countries you're talking about, there
may be many exceptions to copyright restrictions for Fair Use
purposes.  Commonly, research is considered a fair use.  In some
places interoperability testing may be considered fair use.

If you break the EULA, then they revoke your license and you are no
longer permitted to use it.  Under copyright alone, a breach of the
EULA should result in punishment limited by how much the software was
worth or how much "damage" you've done to the vendor's sales of that
software.

Things get cloudier though when you start talking about this horrible
law we have in the US called the DMCA.  If you're not familiar with
it, you should read up on it because it goes far beyond the
regulations of copyright.  Also, patents and trade secrets laws can
also create more legal confusion.  Law as applied to software is
simply broken right now in the US and many other places, and it's
going to take a long time to fix it.

I'm sure that doesn't clear the issue up, but hopefully it supplies
some background.

tim
