[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] InfoSec sleuths beware, Microsoft's attorneys may be knocking at your door

Bernie, CTA wrote:
Could Microsoft's attorneys go after sleuths who are, have been disclosing vulnerabilities in Microsoft's software and allege that the individual had discovered the vulnerability because they downloaded the code and examined it? Good tactic to impede pen testing, security research, or disclosure of security threats, which in the past have cast a ominous shadow on MS, is it not?

It may be wise for security sleuths to fully document their vulnerability / exploit discovery process, when, how, what, why. I'm sure Microsoft's attorneys will be serving production of documents request upon a select group. Note that under US Federal law, limited discovery to perpetuate testimony regarding any matter can be performed before a lawsuit is actually filed. 

There are clear, admitted cases of reverse engineering by vulnerabiity
researchers, which are prohibited by EULA, and which MS has so far
declined to pursue.  Why should this be different?  MS afraid the EULA
restrictions wouldn't hold up?

BB


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html