Hidden Holes: DMCA and Software Vulnerabilities
In the United States, some companies have been using provisions of the 1998 Digital Millennium Copyright Act (DMCA) to keep IT security companies from informing the public about software vulnerabilities.
By Paul Roberts
November 08, 2002 — CSO — In the United States, some companies have been using provisions of the 1998 Digital Millennium Copyright Act (DMCA) to keep IT security companies from informing the public about software vulnerabilities.
In July, Hewlett-Packard warned Secure Network Operations that it was considering suing because one of their researchers revealed information about a security hole in HP's Tru64 Unix operating system. Under the DMCA, the researcher could face a $500,000 fine and up to five years in prison.
In Australia, last year's Cybercrime Act makes the unauthorized modification of computer data a crime and outlaws the possession of programs that are used to access data.
"Laws about importing and exporting data vary radically from country to country," says Bill Hancock, CSO of the Exodus service of Cable & Wireless. "In general, western countries have more open policies. China is very restrictive, and Korea just passed some very restrictive laws with mandatory jail time."
Still, the laws shouldn't affect IT security firms that are following safe practices and working within their mandate. "These laws affect people who are doing things that are frowned upon," says Hancock. "Companies that get proper nondisclosure agreements and liability requirements won't be affected."
Read more about application security in CSOonline's Application Security section.
Other stories by Paul Roberts
In-depth information on tools and strategies for writing secure code, finding vulnerabilities, and other critical application security issues
10 steps to secure browsing
Holistic patch management, browser settings, filtering, and other tactics
Vulnerability management: The basics
5 key tenets for making the most of vulnerability management efforts
Software security for developers
Building security in, from the requirements phase through deployment
Software security for app dev managers
Building and managing a software security program that pays off
How to use source code analysis tools
How to use web application vulnerability scanners
How to compare patch management software
Ranum: Does disclosure work?
- DDoS Attacks and The Ostrich Mentality: How to avoid having a very large egg on your face when you are hit by a DDoS attack
- The CISO's Survival Guide to Securing Data
- Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- FireEye Advanced Threat Protection KnowledgeVault
- Five Tips to Consider in a Data Security Strategy for Smartphones and Tablets
- Moving Your Email to the Trusted Cloud
- Cloud Computing for Midsize Business: Delivering Innovation and Efficiency
- Cloud Security: Who do you trust?
- Dispelling the Vapor Around Cloud Computing
- Strengthen Your Business with Cloud Computing
- NSS Labs Next-Generation Firewall Security Value Map
- EMA Radar for Hosted Message Security Services: Q2 2011
- Howard Schmidt went the distance
With Howard Schmidt leaving the White House at the end of the month, the critiquing of his tenure is in full swing -- as it should be. There are still plenty of loose ends dangling in D.C., most notably Congress' inability to craft legislation that strikes the right balance between security and privacy. - #FFSec: Security pros to follow on Twitter, May 18
- DHS cybersecurity official leaves more questions than answers
More Salted Hash with Bill Brenner
