Full Disclosure mailing list archives
Re: Legality of Open Source Tools
From: John Young <jya () pipeline com>
Date: Fri, 04 Apr 2014 18:29:33 -0400
Would you suggest it is time to license security professionals like architects, engineers, doctors and others lawfully empowered to police hazardous systems in the public interest? A code of security industry standards, like building and health codes, might then be needed to assure compliance by requiring preparation and publicly filing security system documents for review by officials and, if satisfactory, issuing a permit to install the systems, then official inspection of them after installation, then periodic inspections thereafter to assure the systems remain safe and secure. Professional liability insurance would be requried to protect the client, along with mandatory continuing education to renew licensure. Disastrous security failures might then lead to prosecution for malpractice, loss of license, jail, fines and banning to philosophizing about security risks at well-paying conferences, and at the very best, a lucrative position with official or corporate regulators to oversee the security industry, occasional lectures at universities and spy agencies at home and abroad, even lifetime achievement prizes, hell, why not a Nobel. Damn fine idea, this just might put security above used car sales as a profession, at last topping politicians. Btw, is "security architect" a legal use of the term architect? At 03:18 PM 4/4/2014, you wrote:
Real people can die if you move the right electrons attached to say life support systems in buildings, water treatment plants, hydro electric dams, and power stations. Real people will be affected if you manipulate electrons associated with banking, investing and finance.Mark Mark Brunner Security Architect Brookfield Corporate Operations eArchitecture and Enterprise Information Security 1 Adelaide Street East, Suite 1400, Toronto, ON M5C 2V9 T 416.649.8206, F 416.649.8245 Mark.Brunner () brookfield comView important disclosures and information about our e-mail policies http://www.brookfield.com/emaildisclaimer.-----Original Message-----From: Fulldisclosure [mailto:fulldisclosure-bounces () seclists org] On Behalf Of Andres RianchoSent: Friday, April 04, 2014 2:57 PM To: Not EcksKaySeeDee Cc: fulldisclosure () seclists org Subject: Re: [FD] Legality of Open Source Tools Software is SO different to a gun... you can't really compare them.Real people will die in most cases when a gun is misused, only electrons are disturbed (in the great majority of cases) if you misuse a hacking tool.On Fri, Apr 4, 2014 at 3:50 PM, Not EcksKaySeeDee <noteckskayseedee () gmail com> wrote:> Re: Use of a disclaimer on these sort of tools (i.e., those that can > harm and/or be used for good). > > Wonder if any gun dealer applied something similar in their shop, or > for that matter, in a hardware store under the hammer section. > > > On Fri, Apr 4, 2014 at 2:29 PM, Andres Riancho > <andres.riancho () gmail com> > wrote: >> >> Hi. As w3af's project leader I've not received any legal threats over >> the seven years this project has been alive. >> >> Only a couple of months ago, and just to be sure, I added this >> disclaimer which users need to accept to run the tool. >> >> DISCLAIMER = """Usage of w3af for sending any traffic to a target >> without prior mutual consent is illegal. It is the end user's >> responsibility to obey all applicable local, state and federal laws. >> Developers assume no liability and are not responsible for any >> misuse or damage caused by this program.""" >> >> On Fri, Apr 4, 2014 at 7:58 AM, Bryan Bickford >> <bryan () unhwildhats com> >> wrote: >> > Greetings >> > >> > I am a security researcher who is working on a project in my free >> > time, without going into details - the project will end with a >> > powerful tool being publicly released. >> > >> > Obviously most cyber security tools have the potential for abuse. >> > What sort of legal hurdles (if any) do you need to overcome to >> > protect yourself when releasing software along the lines of >> > metasploit? >> > >> > _______________________________________________ >> > Sent through the Full Disclosure mailing list >> > http://nmap.org/mailman/listinfo/fulldisclosure >> > Web Archives & RSS: http://seclists.org/fulldisclosure/ >> >> >> >> -- >> Andrés Riancho >> Project Leader at w3af - http://w3af.org/ Web Application Attack and >> Audit Framework >> Twitter: @w3af >> GPG: 0x93C344F3 >> >> _______________________________________________ >> Sent through the Full Disclosure mailing list >> http://nmap.org/mailman/listinfo/fulldisclosure >> Web Archives & RSS: http://seclists.org/fulldisclosure/ > > -- Andrés RianchoProject Leader at w3af - http://w3af.org/ Web Application Attack and Audit FrameworkTwitter: @w3af GPG: 0x93C344F3 _______________________________________________Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosureWeb Archives & RSS: http://seclists.org/fulldisclosure/ _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Re: Legality of Open Source Tools, (continued)
- Re: Legality of Open Source Tools Volker Tanger (Apr 04)
- Re: Legality of Open Source Tools Toni Korpela (Apr 05)
- Re: Legality of Open Source Tools Toni Korpela (Apr 05)
- Re: Legality of Open Source Tools Henri Salo (Apr 06)
- Re: Legality of Open Source Tools Jeffrey Walton (Apr 06)
- Re: Legality of Open Source Tools Toni Korpela (Apr 06)
- Re: Legality of Open Source Tools Toni Korpela (Apr 06)
- Re: Legality of Open Source Tools Daniel Wood (Apr 07)
- Re: Legality of Open Source Tools Not EcksKaySeeDee (Apr 04)
- Re: Legality of Open Source Tools Brunner, Mark (Apr 04)
- Message not available
- Re: Legality of Open Source Tools John Young (Apr 05)
- Re: Legality of Open Source Tools coderman (Apr 06)