Re: Legality of Open Source Tools

[Ryan Dewhurst <ryandewhurst () gmail com>]

I believe Germany passed a law about exploits and/or "security tools". Also
in the UK, some of the amendments to the CMA has a statement about
distributing "articles" which some believe also includes software. I don't
know of any case in the UK though where someone has gotten into trouble
with this. I *believe* it is taken pretty seriously in Germany though.

Having released a few Open Source tools myself, I can confirm that I've
never had a legal threat of this nature. Although adding a disclaimer like
Andres's is a wise move.


On Fri, Apr 4, 2014 at 8:56 PM, Andres Riancho <andres.riancho () gmail com>wrote:

> Software is SO different to a gun... you can't really compare them.
> Real people will die in most cases when a gun is misused, only
> electrons are disturbed (in the great majority of cases) if you misuse
> a hacking tool.
>
> On Fri, Apr 4, 2014 at 3:50 PM, Not EcksKaySeeDee
> <noteckskayseedee () gmail com> wrote:
> > Re: Use of a disclaimer on these sort of tools (i.e., those that can harm
> > and/or be used for good).
> >
> > Wonder if any gun dealer applied something similar in their shop, or for
> > that matter, in a hardware store under the hammer section.
> >
> >
> > On Fri, Apr 4, 2014 at 2:29 PM, Andres Riancho <andres.riancho () gmail com
> >
> > wrote:
> > > Hi. As w3af's project leader I've not received any legal threats over
> > > the seven years this project has been alive.
> > >
> > > Only a couple of months ago, and just to be sure, I added this
> > > disclaimer which users need to accept to run the tool.
> > >
> > > DISCLAIMER = """Usage of w3af for sending any traffic to a target
> > >  without prior mutual consent is illegal. It is the end user's
> > > responsibility to
> > >  obey all applicable local, state and federal laws. Developers assume
> > > no liability
> > >  and are not responsible for any misuse or damage caused by this
> > > program."""
> > >
> > > On Fri, Apr 4, 2014 at 7:58 AM, Bryan Bickford <bryan () unhwildhats com>
> > > wrote:
> > > > Greetings
> > > >
> > > > I am a security researcher who is working on a project in my free
> time,
> > > > without going into details - the project will end with a powerful tool
> > > > being publicly released.
> > > >
> > > > Obviously most cyber security tools have the potential for abuse. What
> > > > sort
> > > > of legal hurdles (if any) do you need to overcome to protect yourself
> > > > when
> > > > releasing software along the lines of metasploit?
> > > >
> > > > _______________________________________________
> > > > Sent through the Full Disclosure mailing list
> > > > http://nmap.org/mailman/listinfo/fulldisclosure
> > > > Web Archives & RSS: http://seclists.org/fulldisclosure/
> > >
> > >
> > >
> > > --
> > > Andrés Riancho
> > > Project Leader at w3af - http://w3af.org/
> > > Web Application Attack and Audit Framework
> > > Twitter: @w3af
> > > GPG: 0x93C344F3
> > >
> > > _______________________________________________
> > > Sent through the Full Disclosure mailing list
> > > http://nmap.org/mailman/listinfo/fulldisclosure
> > > Web Archives & RSS: http://seclists.org/fulldisclosure/
>
>
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/