Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: how to sell and get a fair price
From: gremlin () gremlin ru
Date: Wed, 16 Jan 2013 14:19:53 +0400

On 15-Jan-2013 06:28:53 -0500, Jeffrey Walton wrote:

After all, a vulnerability and an exploit are intellectual
products. Not sure copyright could be claimed, but why not?
More interesting is the question of how to enforce a copyright
claim while remaining anonymous...
Is it really necessary to stay anonymous? Writing hmmm... articles
about vulnerabilities for some (very specific) media and getting a
hmmm... fee for that is mostly legal.
Opposed to the use of that information...
I think its a slippery slope in the US.

I'm happy to reside outside of the US...

On one hand, you have, for example, Computer Fraud and Abuse Act
(FCAA), Digital Millennium Copyright Act (DMCA), and Unlawful
Intercept. US corporations are rarely prosecuted under the law
[...] but individuals are regularly prosecuted

That means, all these activities should not be performed in the US
(and other countries with similar Draconian laws)...

In general, this problem may be solved using the international division
of labour, when people do only what is legal in their country. Example:
reverse engineering is legal in Russia (unless it is used to create the
competing product), so I can perform it and share the results. Someone
else may then find suspicious code, other people may prove that code is
vulnerable by writing an exploit... In this case, everyone performs in
legal manner - except, obviously, the script kiddies who will use the
ready tool to break something.

If I had copyright over material used for security testing and
evaluations, I would probably assert my copyright. If I wrote
malware, I would likely want to stay anonymous

I'd simply not bother at all, as releasing materials to public domain
is the best protection against both plagiarism and "piracy".

Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru>
GPG key ID: 0xEF3B1FA8, keyserver: hkp://subkeys.pgp.net
GPG key fingerprint: 8832 FE9F A791 F796 8AC9 6E4E 909D AC45 EF3B 1FA8

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]