There are often a lot of discussions on security mailing lists about the legality of security research, proof-of-concept exploits, penetration testing, war-driving, reverse engineering, lack of vendor notification, patent issues, copy protection circumvention and much more.

Currently, France is outlawing any kind of security research:

http://www.securityfocus.com/archive/1/360007/2004-04-06/2004-04-12/1

Back in January, the WebAppSec mailing list had a discussion about a patent from Sanctum that claimed to cover all forms of web application penetration testing:

http://www.securityfocus.com/archive/107/350322/2004-01-13/2004-01-19/1
http://www.securityfocus.com/archive/107/350110/2004-01-13/2004-01-19/2

If you feel like discussing the legal issues surrounding security research, I created a mailing list back then called SecLegal for this very purpose. To subscribe, either visit

http://seclegal.jscript.dk

or send a subscribe request to

seclegal-request@lists.jscript.dk

Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor@pivx.com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation".
Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net>