I see that in a recent article published by eWeek claim legal experts say individuals examining the leaked Windows code could face charges of trade-secret violations and infringement of software patents.
http://www.eweek.com/print_article/0,3048,a=119396,00.asp Could Microsoft's attorneys go after sleuths who are, have been disclosing vulnerabilities in Microsoft's software and allege that the individual had discovered the vulnerability because they downloaded the code and examined it? Good tactic to impede pen testing, security research, or disclosure of security threats, which in the past have cast a ominous shadow on MS, is it not? It may be wise for security sleuths to fully document their vulnerability / exploit discovery process, when, how, what, why. I'm sure Microsoft's attorneys will be serving production of documents request upon a select group. Note that under US Federal law, limited discovery to perpetuate testimony regarding any matter can be performed before a lawsuit is actually filed. -- -- **************************************************** Bernie / [EMAIL PROTECTED] Chief Technology Architect / Chief Security Officer Euclidean Systems, Inc. ******************************************************* // "There is no expedient to which a man will not go // to avoid the pure labor of honest thinking." // Honest thought, the real business capital. // Observe> Think> Plan> Think> Do> Think> ******************************************************* _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html