Penetration Testing mailing list archives
Re: [PEN-TEST] Legalities and Liabilities
From: Tim Kramer <tkramer () TECHNOLOGIST COM>
Date: Wed, 13 Sep 2000 11:48:19 -0500
Does anyone have any examples or a website that I can see? I'm doing an audit on our standard templates and I want to make sure that we've included everything. I'm too pretty to go to jail!

Thanks
Tim Kramer

----- Original Message -----
From: "Dan Ryan" <DanRyan () DANJRYAN COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Tuesday, September 12, 2000 3:28 PM
Subject: Re: [PEN-TEST] Legalities and Liabilities

A written contract between the tester(s) and the organization being tested is critical. It protects the testers in the event that damage is inadvertently done, and prevents charges under criminal codes that the tester is a hacker rather than an authorized user. It also protects the tester after the test. There are complicated issues that need to be addressed by an attorney who understands the field. This is not a "do it yourself" area.

Daniel J. Ryan
Attorney at Law
Law Offices of Daniel J. Ryan
380 Forelands Road
Annapolis, Maryland 21401
443.994.3612 (voice)
410.224.3977 (fax)
DanRyan () danjryan com
http://www.danjryan.com/Legal.htm

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Ben Lull
Sent: Tuesday, September 12, 2000 2:43 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Legalities and Liabilities

Hallo,

I have some questions regarding the legal aspects of penetration testing (I'm hoping this hasn't been answered on the list before, I haven't had time to keep up for the past couple of weeks).

1.) Before a pen/sec test takes place, what type of legal documentation should be obtained (disclaimers, limitation of liability, etc.)?

2.) What are major topics that should be discussed and included in a contract between the pen/sec company and their client? Should a contract even be written up in the first place?

3.) When conducting a pen/sec test what legal issues should be kept in mind (e.g. get out of jail free type of stuff)?

5.) After a pen/sec test, if the client's network is cracked, can the pen/sec company be held responsible?

6.) If the pen/sec company offers services such as actual securing of systems, can they be held responsible if the systems they secured are cracked?

I'd appreciate as much feedback as possible. Once again I apologize if this has already been discussed.

Thanks,
Ben Lull

***
* Ben Lull
* ValleyLocal Internet, Inc.
* Systems Administrator
***