Full Disclosure mailing list archives
Re: security industry software license
From: n3td3v <xploitable () gmail com>
Date: Mon, 13 Oct 2008 02:23:53 +0100
It would be a good way for the government to leverage control of hackers and the people who use their tools though. Disclosure Scotland is already in operation; all you need is a new law to say everyone who uses security software must get a Disclosure Scotland background check first. I think the government will introduce the security industry software license scheme and change the law to support it. There is also an option where some tools wouldn't need a license: the government would grade different types of security software depending on their effectiveness and potential damage to infrastructure and computers. For instance, category A, B, C... "A" being Metasploit, "C" being Angry IP Scanner (is Angry IP Scanner even classed as security software? That's something that needs to be discussed as well: what defines "security software"?).
Hackers may start to use the category of software as a scoreboard of how elite their software is, but who cares, it's a reference for the scheme and for people who need to know which software needs a license and what type of license you need, and how deep a background check has been done on individuals who already have a license and are using software, or as an indicator to people who are about to apply for a license, how in-depth the background check will be. C would mean no background check needed, B would mean basic background check needed, with a "basic" security industry software license, and A would mean "advanced" background check needed, with an advanced software license type. So there would be two different licenses, "basic" and "advanced", and C for no license required.
Moreover, the category system can be set up by any of you; you don't need to wait for this scheme to be introduced. SecurityFocus, SANS diary or other vendors could start categorizing software on what "potential" damage could be caused with security software if the bad guys were to use them for evil things. We can get the category system set up as part of a separate project; even if the license scheme doesn't get the go-ahead, it would still be a useful thing for folks to do. If anyone is bored and wants to compile a list of security software and categorise them all, then that would be really helpful, even if only for pastime fun, not even for a serious reason or not part of the security industry software license scheme. You can still do it. It would be cool if you did it though and acknowledge the security industry software license scheme though.
We talk about Metasploit and the others being used for good things by good people, but why not ask the question "What If" the bad guys did use this software, what damage "could" be caused, and how far could they get? Could Metasploit be used to carry out a fire sale, or just something small like finding a wireless access point that's not password protected? If software could be used in a fire sale, then it should be a category A software and require a full background check on every user who wants to use the software, "just in case". Also, if you breach category "A" software licensing laws, you get a bigger punishment than if you were in breach of the licensing law using a category B software type. So the users know and the courts know the seriousness of the crime of not having a license, breaking the license agreement terms, and how stiff a sentence the person in breach should get.
I have taken ideas from driving licensing and drug law categorization to come up with this email. So we can take ideas from current laws on driving and drug offences and put them into forming the security industry software license scheme.
No, I wasn't on drugs when I wrote this email... but Mike Simpson, my new stalker, might speculate. Thank you for your time, keep the ideas coming.
n3td3v
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/