[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Legality of Open Source Tools

To: Andres Riancho <andres.riancho@xxxxxxxxx>
Subject: Re: [FD] Legality of Open Source Tools
From: Sullo <csullo@xxxxxxxxx>
Date: Fri, 4 Apr 2014 15:12:37 -0400

After a dozen-ish years of Nikto and some other tools, it's not been a
problem for me either.

However, it doesn't have to be illegal for someone to sue you, or include
you in a court case, which can ruin your day and possibly cost you money
regardless of right or wrong.  Having disclaimers and a license with a
forum selection clause can make your life easier should the worst case
thing happen.

Just my $.02--the closest I am to being a lawyer is having watched Boston
Legal.

-Sullo


to DoS something
On Fri, Apr 4, 2014 at 2:29 PM, Andres Riancho <andres.riancho@xxxxxxxxx>wrote:

> Hi. As w3af's project leader I've not received any legal threats over
> the seven years this project has been alive.
>
> Only a couple of months ago, and just to be sure, I added this
> disclaimer which users need to accept to run the tool.
>
> DISCLAIMER = """Usage of w3af for sending any traffic to a target
>  without prior mutual consent is illegal. It is the end user's
> responsibility to
>  obey all applicable local, state and federal laws. Developers assume
> no liability
>  and are not responsible for any misuse or damage caused by this
> program."""
>
> On Fri, Apr 4, 2014 at 7:58 AM, Bryan Bickford <bryan@xxxxxxxxxxxxxxx>
> wrote:
> > Greetings
> >
> > I am a security researcher who is working on a project in my free time,
> > without going into details - the project will end with a powerful tool
> > being publicly released.
> >
> > Obviously most cyber security tools have the potential for abuse. What
> sort
> > of legal hurdles (if any) do you need to overcome to protect yourself
> when
> > releasing software along the lines of metasploit?
> >
> > _______________________________________________
> > Sent through the Full Disclosure mailing list
> > http://nmap.org/mailman/listinfo/fulldisclosure
> > Web Archives & RSS: http://seclists.org/fulldisclosure/
>
>
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>



-- 

http://www.cirt.net     |      http://rvasec.com/

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

References:
- [FD] Legality of Open Source Tools
  - From: Bryan Bickford
- Re: [FD] Legality of Open Source Tools
  - From: Andres Riancho

Prev by Date: Re: [FD] Legality of Open Source Tools
Next by Date: Re: [FD] Legality of Open Source Tools
Previous by thread: Re: [FD] Legality of Open Source Tools
Next by thread: Re: [FD] Legality of Open Source Tools
Index(es):
- Date
- Thread