<<< Date Index >>>     <<< Thread Index >>>

Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France



In-Reply-To: <20040402143855.27920.qmail@xxxxxxxxxxxxxxxxxxxxx>


From: K-OTiK Security <Special-Alerts@xxxxxxxxxx>

>The article 323-3-1 of this "Law" will prohibit publication of any vuln. 
>technical details, any proof of concept and any exploit. 

Googling and translating the law gives this:

http://www.iris.sgdg.org/actions/lsi/evol/art35.html

After article 323-3 of the penal code, it is inserted article 323-3-1 thus
written:

"Art. 323-3-1. - The fact of offering, of yielding or of placing at the
disposal a data-processing program conceived to commit the offences
envisaged by articles 323-1 to 323-3 is punished sorrows planned for the
infringement itself or the infringement most severely repressed "

Sure looks like the penalty for publishing an exploit tool will be equivalent 
to using the tool to commit a computer crime. I guess there aren't going to be 
any computer security conferences in France ever again.  Will Securityfocus and 
PacketStorm need to filter French addresses?  Will we have to stop selling 
penetration testing products to French citizens? 

Cheers,

Chris