On Tue, 25 May 2004 14:26:55 PDT, VX Dude <vxdude2003@xxxxxxxxx> said:

> Which law? Does this mean whitehats will start
> recognizing EULAs pertaining to proprietary property?

In the US, the basic statute is 17 USC 106:

http://www4.law.cornell.edu/uscode/17/106.html

Sec. 106. - Exclusive rights in copyrighted works

Subject to sections 107 through 121, the owner of copyright under this title has the exclusive rights to do and to authorize any of the following:

  (1) to reproduce the copyrighted work in copies or phonorecords;

  (2) to prepare derivative works based upon the copyrighted work;

  (3) to distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending;

  (4) in the case of literary, musical, dramatic, and choreographic works, pantomimes, and motion pictures and other audiovisual works, to perform the copyrighted work publicly;

  (5) in the case of literary, musical, dramatic, and choreographic works, pantomimes, and pictorial, graphic, or sculptural works, including the individual images of a motion picture or other audiovisual work, to display the copyrighted work publicly; and

  (6) in the case of sound recordings, to perform the copyrighted work publicly by means of a digital audio transmission.

17 USC 107 discusses "fair use":

http://www4.law.cornell.edu/uscode/17/107.html

Sec. 107. - Limitations on exclusive rights: Fair use

Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.

In determining whether the use made of a work in any particular case is a fair use the factors to be considered shall include -

  (1) the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;

  (2) the nature of the copyrighted work;

  (3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and

  (4) the effect of the use upon the potential market for or value of the copyrighted work.

The fact that a work is unpublished shall not itself bar a finding of fair use if such finding is made upon consideration of all the above factors.

---- end quote, start analysis..

Section 107 lets you *attempt* to claim "fair use" as a defense against a charge of copyright infringement. The judge is directed to consider *all 4* factors. Note that you *might* have a fighting chance on point (1), if you're a recognized *non-profit* security researcher (if you're making a profit (even indirectly) off your Cisco advisories, you're screwed). You're also likely to be screwed on point (4) - Cisco can probably claim a fairly large chunk of their yearly revenue is based on a proprietary IOS....

> I agree that whitehats should only audit and/or "find"
> security holes in software in which they are invited
> or allowed to do so. But isn't the whole point of the
> word full in full-disclosure to expose flaws that the
> owners of the property don't want known. Sounds like a
> greyhat/blackhat mailing list to me.

Plenty of vulnerabilities have been found in open-source projects, where the source is available. Plenty *more* vulnerabilities have been found in proprietary software *without* having access to the source, using the well-understood methods of software reverse engineering.