A French researcher, Guillaume Tena, found several holes in the Viguard anti-virus program that a malicious hacker could have exploited to nullify the software’s protections. What did he do? He published his findings.
The company responsible for the holy software, Tegam, sued for copyright violation. The company is asking for a 6000 euro fine and a four month jail term. A related civil case asks for 900,000 euros in damages.
The researcher’s website says he “showed how the program worked, demonstrated a few security flaws and carried out some tests with real viruses. Unlike the advertising claimed, this software didn’t detect and stop ?100 percent of viruses?.”
According to French security Web site K-OTik, Tena had technically broken copyright laws because his exploits were “not for personal use, but were communicated to a third party”.
However, K-OTik, which regularly publishes exploit codes, claims that the ruling could create a precedent so vulnerabilities in software, however critical, could not be declared publicly without prior agreement from the software publisher.
K-OTik?s editors say the ruling is “unimaginable and unacceptable in any other field of scientific research”.
” Security researcher to be jailed for finding bugs in software?”, ZDNet Australia, Jan. 11.