Manage updates with the Download App
March 9, 2005 11:21 AM PST
France puts a damper on flaw hunting
- Related Stories
-
Researchers: Digital encryption standard flawed
February 16, 2005 -
Flaw finders go their own way
January 26, 2005 -
Researcher faces jail for finding bugs
January 11, 2005 -
Security research suggests Linux has fewer flaws
December 13, 2004
In 2001, French security researcher Guillaume Tena found a number of vulnerabilities in the Viguard antivirus software published by Tegam International. Tena, who at the time was known by his pseudonym Guillermito, published his research online in March 2002.
However, Tena's actions were not viewed kindly by Tegam, which initiated legal action against the researcher. That action resulted in a case being brought to trial at a court in Paris. The prosecution claimed that Tena violated article 335.2 of the code of intellectual property and asked for a four-month jail term and a fine of 6,000 euros.
On Tuesday, the French court ruled that Tena should not be imprisoned but gave him a suspended fine of 5,000 euros. This means that he only has to pay the fine if he publishes more information on security vulnerabilities in software.
Chaouki Bekrar, a security consultant and co-founder of French Web site K-Otik Security, which is known for regularly publishing exploit codes, said that although it is good news that Tena did not have to go to jail, the ruling is very bad news for the security research industry in France.
"This seems to be a good news, but that is not the case," Bekrar said. "Publishing a security vulnerability or a proof of concept using reverse engineering or disassembly is now illegal in France. How can a researcher publish a vulnerability if he can't study the software's structure?"
On his Web site, Tena argued that if independent researchers were not allowed to freely publish their findings about security software, then users would only have "marketing press releases" to assess the quality of the software. "Unfortunately, it seems that we are heading this way in France and maybe in Europe," Tena said.
Tegam is also proceeding with a civil case against Tena, in which it is asking for 900,000 euros in damages.
Munir Kotadia of ZDNet Australia reported from Sydney.
10 comments
Join the conversation! Add your comment
Without 3rd parties actively hunting for flaws, the exploiters are the only one who will benefit. It is hard enough for software comapnies to fix found flaws, but nearly impossible for them to hunt them out themselves.
Without 3rd parties actively hunting for flaws, the exploiters are the only one who will benefit. It is hard enough for software comapnies to fix found flaws, but nearly impossible for them to hunt them out themselves.
Robert
--Chaouki Bekrar, security consultant"
Unless someone out there wants those flaws to exist. France is dealing with a different mind set. Either they see the world through rose colored glasses or someone needs to get pushed out. They shouldn't allow that behavior.
Robert
--Chaouki Bekrar, security consultant"
Unless someone out there wants those flaws to exist. France is dealing with a different mind set. Either they see the world through rose colored glasses or someone needs to get pushed out. They shouldn't allow that behavior.