Penetration Testing mailing list archives
Re: Reverse Engineering - Legality
From: Tim <tim-pentest () sentinelchicken org>
Date: Wed, 30 Jun 2010 15:43:42 -0700
[1] "...the courts are willing to allow a limited amount of reverse engineering of copyrighted materials for the purpose of achieving interoperability between computer products as long as the final product does not contain any infringing code. When it does contain such code, it may at times also be excused under the doctrines of merger and scenes a faire if it is necessary to achieve interoperability or functions as a lockout code."
Hi Guys, *IANAL* Traditionally, things like EULAs can only be enforced through copyright. The software manufacturer is allowing to use their copyrighted material provided you are in compliance with their EULA. Depending on what countries you're talking about, there may be many exceptions to copyright restrictions for Fair Use purposes. Commonly, research is considered a fair use. In some places interoperability testing may be considered fair use. If you break the EULA, then they revoke your license and you are no longer permitted to use it. Under copyright alone, a breach of the EULA should result in punishment limited by how much the software was worth or how much "damage" you've done to the vendor's sales of that software. Things get cloudier though when you start talking about this horrible law we have in the US called the DMCA. If you're not familiar with it, you should read up on it because it goes far beyond the regulations of copyright. Also, patents and trade secrets laws can also create more legal confusion. Law as applied to software is simply broken right now in the US and many other places, and it's going to take a long time to fix it. I'm sure that doesn't clear the issue up, but hopefully it supplies some background. tim ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Reverse Engineering - Legality chintan dave (Jun 30)
- Re: Reverse Engineering - Legality Mr. MailingLists (Jun 30)
- Re: Reverse Engineering - Legality Jeffrey Walton (Jun 30)
- Re: Reverse Engineering - Legality Tim (Jun 30)
- Re: Reverse Engineering - Legality AK (Jun 30)