[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France
From: Chris Wysopal <cwysopal@xxxxxxxxxxx>
Date: 3 Apr 2004 20:42:52 -0000

In-Reply-To: <20040402143855.27920.qmail@xxxxxxxxxxxxxxxxxxxxx>


From: K-OTiK Security <Special-Alerts@xxxxxxxxxx>

>The article 323-3-1 of this "Law" will prohibit publication of any vuln. 
>technical details, any proof of concept and any exploit. 

Googling and translating the law gives this:

http://www.iris.sgdg.org/actions/lsi/evol/art35.html

After article 323-3 of the penal code, it is inserted article 323-3-1 thus
written:

"Art. 323-3-1. - The fact of offering, of yielding or of placing at the
disposal a data-processing program conceived to commit the offences
envisaged by articles 323-1 to 323-3 is punished sorrows planned for the
infringement itself or the infringement most severely repressed "

Sure looks like the penalty for publishing an exploit tool will be equivalent 
to using the tool to commit a computer crime. I guess there aren't going to be 
any computer security conferences in France ever again.  Will Securityfocus and 
PacketStorm need to filter French addresses?  Will we have to stop selling 
penetration testing products to French citizens? 

Cheers,

Chris

Follow-Ups:
- Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France
  - From: Fozzy
- Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France
  - From: Renaud Deraison

Prev by Date: [securityzone@macromedia.com: New Macromedia Security Zone Bulletin Posted]
Next by Date: Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France
Previous by thread: Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France
Next by thread: Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France
Index(es):
- Date
- Thread