Bugtraq mailing list archives

Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France

From: Chris Wysopal <cwysopal () atstake com>
Date: 3 Apr 2004 20:42:52 -0000

In-Reply-To: <20040402143855.27920.qmail () www securityfocus com>


From: K-OTiK Security <Special-Alerts () k-otik com>

The article 323-3-1 of this "Law" will prohibit publication of any vuln. technical details, any proof of concept and 
any exploit.


Googling and translating the law gives this:

http://www.iris.sgdg.org/actions/lsi/evol/art35.html

After article 323-3 of the penal code, it is inserted article 323-3-1 thus
written:

"Art. 323-3-1. - The fact of offering, of yielding or of placing at the
disposal a data-processing program conceived to commit the offences
envisaged by articles 323-1 to 323-3 is punished sorrows planned for the
infringement itself or the infringement most severely repressed "

Sure looks like the penalty for publishing an exploit tool will be equivalent to using the tool to commit a computer 
crime. I guess there aren't going to be any computer security conferences in France ever again.  Will Securityfocus and 
PacketStorm need to filter French addresses?  Will we have to stop selling penetration testing products to French 
citizens? 

Cheers,

Chris

Current thread:

Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France K-OTiK Security (Apr 03)
- <Possible follow-ups>
- Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France Chris Wysopal (Apr 03)
  - Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France Fozzy (Apr 05)
  - Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France Renaud Deraison (Apr 05)
    - Vuln Info Disclosure may become illegal in France [was: Re: Bugfinder Being Indicted As Criminal] Fozzy (Apr 06)
- Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France K-OTiK Security (Apr 05)
- Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France K-OTiK Security (Apr 05)