"Security researchers in Germany continued to pull down exploit code
from their sites last week, scrambling to comply with a German law that
makes illegal the distribution of software that could be used to break
into computers.
The German law — referred to as 202(c) — went into effect on
Sunday. Many experts have complained that the language of the law is
very unclear, but a strict reading appears to make illegal the
distribution, sale and possession of security tools which could be used
to commit a crime.
In the latest move, PHP security professional Stefan Esser
removed on Friday all exploit code from his Web site dedicated to the
Month of PHP Bugs. While reasonable prosecutors would not likely pursue
security researchers, the risk is too great, Esser stated.
"The big problem is that the (law) is not clearly written; it
allows too much interpretation," Esser stated in the comments to the
post. "While our government says that they do not want to punish, for
example, hired penetration testers, this is not written down in the
law."
Story Link: http://www.securityfocus.com/brief/567
