Guillaume Tena, a French security researcher currently with Harvard University, could face jail time for publishing vulnerability research on TEGAM International’s Viguard antivirus software. French prosecutors claim that Tena violated French copyright laws by publishing his research, which, according to a French judge, included some re-engineered Viguard source code. Prosecutors are seeking a 4-month jail term and a 6,000 euro fine (approximately 7,890 US dollars).
Read the whole story:
http://virusthreatcenter.com/permalink.aspx?BlogId=113
How should we balance the developer’s copyright and trade secret privileges with the public’s need for secure software?
How do you believe software vulnerabilities should be disclosed?
Should researchers and IT professionals submit vulnerability research first to developers and allow for a fix before going public?
How long should developers be given to release a fix before vulnerability research is made public?