FC: Snosoft replies to HP's recanting of DMCA nastythreats

[Declan McCullagh <declan () well com>]

Previous Politech message:

"HP recants: 'We promise not to use DMCA against researchers!'"
http://www.politechbot.com/p-03837.html

---

Subject: Formal Response
From: ATD <simon () snosoft com>
To: Declan McCullagh <declan () well com>
Date: 02 Aug 2002 00:40:09 -0400

Declan,
        Here you go.  Thanks again for all of your help.

Sincerely,
        Adriel T Desautels
        Founder, Secure Network Operations, Inc.
        978-897-0974

---

Formal Response to HP DMCA retraction:

8/1/02: Secure Network Operations appreciates HP's retraction of their DMCA 
threats. We are dedicated to performing security research on a wide range 
of operating systems, following either an independent research/full 
disclosure model or a contract- based/NDA model. We hope to build 
productive relationships with many vendors in the future.


Formal Response to HP DMCA threat:

7/31/02: Secure Network Operations, also known as SNOsoft, has been
researching security vulnerabilities on Hewlett Packard's Tru64 UNIX
operating system for over four months, and has found numerous
vulnerabilities in the software.

Due to the sensitive nature of these discoveries and the known critical
uses of Tru64 in healthcare, military, and other arenas, SNOsoft
attempted on multiple occasions to build a working relationship with HP
so the information could be transferred privately. However, our
well-intentioned efforts were misperceived by HP, as they responded to
SNOsoft with a letter in which they accused us of attempted extortion.

Hewlett Packard then requested that we follow current industry standard
practices for releasing vulnerability information through a trusted
third party, in this case CERT, and to wait forty-five days before
releasing any proof-of-concept exploit code. There was an unauthorized
release by Phased, prior to the end of the waiting period, and HP
promptly responded with another letter. This time they cited possible
violation of the DMCA law, amongst others, and requested that the
exploit code, be quickly removed from SecurityFocus's website.
SNOsoft willingly complied, and the posting was removed.

That letter found its way into the hands of Declan McCullagh, a
journalist for news.com with an interest in the DMCA law, who interviewed
the founders of SNOsoft regarding HP's reference to the DMCA law.
SNOsoft's position in these matters is to continue serving the community
by finding and reporting security vulnerabilities in a broad spectrum
of operating systems, software applications, and other hardware and
software systems. Our mission is to provide certification for vendors and
network administrators that indicate their systems have passed the most
rigorous security testing available.

Sincerely,
        Secure Network Operations, Inc.




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------