[olug] Agreement for non retribution for security presentation

Daniel Linder dan at linder.org
Tue Mar 2 03:03:28 UTC 2004


OBrien, Timothy  (Omaha Linux Users Group - OLUG) said:
> Looking for some good examples or suggestions from you all.
[snip]
> Now, my question: to have some legal standing & to CYA what sort of
> agreement for non retribution / no DCMA violations / etc should I get? I
> already have a verbal from the folks I am working with at the vendor, and
> for anything I will send them he would agree to.
>
> What is the entire picture I should be protecting myself for?

First off, obligitory "IANAL" warning... :)

>From what little I have talked with lawyers about similar projects, a
simple one-paragraph *postal* letter sent to them explaining what you want
do and a copy that they can sign and return to you so you have some sort
of physical paper trail backing.  You'll want to e-mail/talk to the person
you send the document to so they know it is coming and it's just a
due-dilligence thing on your part.

If they are that forthcoming as you imply then I don't think you'll have
much problem.  I'd only be nervous if they verbally said "go for it", but
then refused to sign a document stating the same.

On the otherhand, they might be fishing for a good reference to use as a
"security expert" and then they'll turn around, fix the holes, and use the
"hack proof" new version as a selling point... :)

Dan

-- 
Daniel Linder



More information about the OLUG mailing list