[olug] Agreement for non retribution for security presentation
Daniel Linder
dan at linder.org
Tue Mar 2 03:03:28 UTC 2004
OBrien, Timothy (Omaha Linux Users Group - OLUG) said:
> Looking for some good examples or suggestions from you all.
[snip]
> Now, my question: to have some legal standing & to CYA what sort of
> agreement for non retribution / no DCMA violations / etc should I get? I
> already have a verbal from the folks I am working with at the vendor, and
> for anything I will send them he would agree to.
>
> What is the entire picture I should be protecting myself for?
First off, obligitory "IANAL" warning... :)
>From what little I have talked with lawyers about similar projects, a
simple one-paragraph *postal* letter sent to them explaining what you want
do and a copy that they can sign and return to you so you have some sort
of physical paper trail backing. You'll want to e-mail/talk to the person
you send the document to so they know it is coming and it's just a
due-dilligence thing on your part.
If they are that forthcoming as you imply then I don't think you'll have
much problem. I'd only be nervous if they verbally said "go for it", but
then refused to sign a document stating the same.
On the otherhand, they might be fishing for a good reference to use as a
"security expert" and then they'll turn around, fix the holes, and use the
"hack proof" new version as a selling point... :)
Dan
--
Daniel Linder
More information about the OLUG
mailing list