• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / Security and Privacy / Disclosing software vulnerabilities isn’t against the EULA?

Disclosing software vulnerabilities isn’t against the EULA?

2012-09-04 by Jason

Software is just a compiled bunch of code but it represents ingenuity, innovation, effort and time. It is also a very interesting product. When you purchase software, the software is licensed to you, not sold. The Terms of Service and End User License Agreement can do some pretty interesting things such as disallowing participation in a class action lawsuit and requiring arbitration instead. So, why, Hal Berenson wonders over on his blog, are software developers not putting in a clause to prevent disclosing exploits to third parties or requiring that they be disclosed to the vendor?

The software vulnerability market is a rapidly changing place with some companies paying out “bug bounties”, others relying on ethics and responsible disclosure, and the bad actors who pay for vulnerabilities to be used by malware. Some of the controversy of the vulnerability market spilled with this weekend’s Washington Post where some are calling for government regulation in this controversial industry.

At the star of the story is Vupen, a company that demonstrated vulnerabilities at this year’s Pwn2Own but didn’t disclose the details to Google, thus foregoing the prize money. Vupen chief executive later stated that they were reserving the knowledge for their customers, who are supposedly government entities that are members of NATO or allies.

If disclosing vulnerabilities were made against the EULA, it would give companies a contractual leg to stand on, much easier than internationally trying to get laws and regulation passed. Of course, “if you outlaw guns, only outlaws will have guns” comes up with its own “if you make disclosing vulnerabilities against the agreement, only those breaking the agreement will disclose vulnerabilities.” Germany has prohibited the sale or disclosure of vulnerabilities for free and the US Commerce Department already regulates the sale of software and exploits that relate to cryptography.

Of course, any proposed solution would eventually have to go through the courts in order to figure out what can stand. Could writing code to exploit a vulnerability be considered free speech?

(via Hal’s (Im)Perfect Vision)

Filed Under: Security and Privacy, Talking Points

Trending

  • Must-have programming books
    In Infographics
  • Avast updates free Windows and Mac clients to 2015
    In Security and Privacy, Software
  • Microsoft Launches The Xbox Kinect SDK Beta
    In Code, Entertainment, Hardware, Gadgets, and Products

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • Configure Outlook to recurring appointments for the last weekday of the month Configure Outlook to recurring appointments for the last weekday of the month
  • SOLVED: “This modification is not allowed because the selection is locked.” SOLVED: "This modification is not allowed because the selection is locked."
  • Read the Event Logs on Windows Server Core Read the Event Logs on Windows Server Core
  • 3d rendering circuit cloud for cloud computing technology Build and Deploy a Modern Web 3.0 Blockchain App in 2022
  • Telecom Application Development: When to Outsource Telecom Application Development: When to Outsource
  • Printer printing document wirelessly from mobile phone or smartphone wifi connection vector flat cartoon illustration, file air print on fax or ink jet via cellphone bluetooth modern design Why Your Business Needs Online Fax Services In 2022
  • 6 Best Ways to Protect Your Business Account 6 Best Ways to Protect Your Business Account
  • How to download videos from Instagram How to download videos from Instagram
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • Build and Deploy a Modern Web 3.0 Blockchain App in 2022
  • Telecom Application Development: When to Outsource
  • Why Your Business Needs Online Fax Services In 2022

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2022 · Magazine Pro Theme on Genesis Framework · WordPress · Log in