Full Disclosure mailing list archives

Re: Legality of Open Source Tools


From: John Young <jya () pipeline com>
Date: Fri, 04 Apr 2014 18:29:33 -0400

Would you suggest it is time to license security professionals like
architects, engineers, doctors and others lawfully empowered to
police hazardous systems in the public interest?

A code of security industry standards, like building and health
codes, might then be needed to assure compliance by requiring
preparation and publicly filing security system documents for
review by officials and, if satisfactory, issuing a permit to install the
systems, then official inspection of them after installation, then
periodic inspections thereafter to assure the systems remain
safe and secure.

Professional liability insurance would be required to protect
the client, along with mandatory continuing education to renew
licensure.

Disastrous security failures might then lead to prosecution for
malpractice, loss of license, jail, fines and banning to philosophizing
about security risks at well-paying conferences, and at the very best,
a lucrative position with official or corporate regulators to oversee
the security industry, occasional lectures at universities and spy
agencies at home and abroad, even lifetime achievement prizes,
hell, why not a Nobel.

Damn fine idea, this just might put security above used car
sales as a profession, at last topping politicians.

Btw, is "security architect" a legal use of the term architect?

At 03:18 PM 4/4/2014, you wrote:
Real people can die if you move the right electrons attached to say life support systems in buildings, water treatment plants, hydroelectric dams, and power stations. Real people will be affected if you manipulate electrons associated with banking, investing and finance.

Mark



Mark Brunner
Security Architect


Brookfield Corporate Operations
eArchitecture and Enterprise Information Security
1 Adelaide Street East, Suite 1400, Toronto, ON M5C 2V9
T 416.649.8206, F 416.649.8245
Mark.Brunner () brookfield com




-----Original Message-----
From: Fulldisclosure [mailto:fulldisclosure-bounces () seclists org] On Behalf Of Andres Riancho
Sent: Friday, April 04, 2014 2:57 PM
To: Not EcksKaySeeDee
Cc: fulldisclosure () seclists org
Subject: Re: [FD] Legality of Open Source Tools

Software is SO different to a gun... you can't really compare them.
Real people will die in most cases when a gun is misused, only electrons are disturbed (in the great majority of cases) if you misuse a hacking tool.

On Fri, Apr 4, 2014 at 3:50 PM, Not EcksKaySeeDee <noteckskayseedee () gmail com> wrote:
> Re: Use of a disclaimer on these sort of tools (i.e., those that can
> harm and/or be used for good).
>
> Wonder if any gun dealer applied something similar in their shop, or
> for that matter, in a hardware store under the hammer section.
>
>
> On Fri, Apr 4, 2014 at 2:29 PM, Andres Riancho
> <andres.riancho () gmail com>
> wrote:
>>
>> Hi. As w3af's project leader I've not received any legal threats over
>> the seven years this project has been alive.
>>
>> Only a couple of months ago, and just to be sure, I added this
>> disclaimer which users need to accept to run the tool.
>>
>> DISCLAIMER = """Usage of w3af for sending any traffic to a target
>> without prior mutual consent is illegal. It is the end user's
>> responsibility to  obey all applicable local, state and federal laws.
>> Developers assume no liability  and are not responsible for any
>> misuse or damage caused by this program."""
>>
>> On Fri, Apr 4, 2014 at 7:58 AM, Bryan Bickford
>> <bryan () unhwildhats com>
>> wrote:
>> > Greetings
>> >
>> > I am a security researcher who is working on a project in my free
>> > time, without going into details - the project will end with a
>> > powerful tool being publicly released.
>> >
>> > Obviously most cyber security tools have the potential for abuse.
>> > What sort of legal hurdles (if any) do you need to overcome to
>> > protect yourself when releasing software along the lines of
>> > metasploit?
>> >
>> > _______________________________________________
>> > Sent through the Full Disclosure mailing list
>> > http://nmap.org/mailman/listinfo/fulldisclosure
>> > Web Archives & RSS: http://seclists.org/fulldisclosure/
>>
>>
>>
>> --
>> Andrés Riancho
>> Project Leader at w3af - http://w3af.org/ Web Application Attack and
>> Audit Framework
>> Twitter: @w3af
>> GPG: 0x93C344F3
>>
>
>



--
Andrés Riancho
Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
