[Full-disclosure] security industry software license
wishi at pluto.sunn.de
Tue Oct 21 18:37:53 BST 2008
> there should be a central license that people apply for to use
> software like metasploit.
Well. There is. It's called competence. Clueless people don't use
Metasploit. Normally it doesn't lower the bar very much. Think of Core
or Canvas. You can get this too, nevertheless it's expensive. Who's
going to prevent Warez?
- Right, no one. So if you're talking about a theoretical concept, you
should face the reality: there's no software you can't get for free. And
if there is, nothing prevents you from writing your own exploits. Just
grab some source, and search through it. You'd be surprised how much
crap you'll find.
> only letting the good guys use the software for good
First build a devil, let it run, and sell the holy water. That's how it
works. Without any evil approaches, we wouldn't work.
Today's process of hardening needs something, which speeds it up by
fear. And that's exactly what Metasploit does. It pwns incompetent
management, driven by the idea to develop feature-rich bloatware in no
time - without caring for design, structure and security of the customers.
I guess nobody who's having the good old skills needs an exploit
framework. So - what's the software you're going to certify by n3rd3v
license? Shellcode with 0s? :) Or some wrapper scripts? By the way:
security is a market. Nothing prevents you from selling exploits at
wabisabi or so. Nevertheless I wouldn't choose eBay. :)
just wishi - does Netninpo
- PGP ID: 0xCCCA5E74
Full-Disclosure is hosted and sponsored by Secunia.