Make reverse engineering legal (as you would like to get responsible disclosures) #17
Comments
|
I highly agree. This is absolutely ridiculous. You're essentially begging the reverse engineerers to sell their exploits to the bad guys, instead of disclosing them. |
|
Fixed in the current version of the terms of service. (But that creates a bunch of new issues) |
|
We removed the part about reverse-engineering. Please note, that this does still explicitly forbid attacks against server infrastructures or similar. Unfortunately, an information channel for changes for example mail does not exist by design in the current version. Since this change does not introduce any new obligations on the part of end users, both the existing agreement and the previous version can be referenced. |
|
Proposal for future changes: ToS change notification of some sort when opening the app / web app if it changed since it was last accepted on the device in question. |
|
If this has been fixed, why is the issue still open? |
|
TOS were changed accordingly. Closing. |
As your TOS currently states
it is basically illegal to do any kind of serious security research except reading your br0ken security documentation.
So if I do any responsible disclosure stuff for your system the next thing I probably would have to expect from you is a letter from your lawyer.
As I hope this is not what you venture-funded 🤡 actually want, just remove this part from your TOS.
The text was updated successfully, but these errors were encountered: