[Owasp-leaders] Legality of dynamic scanning

Christian Heinrich christian.heinrich at owasp.org
Thu Nov 3 20:10:28 EDT 2011


On Fri, Nov 4, 2011 at 6:19 AM, Keith Turpin <keith.turpin at owasp.org> wrote:
> Has anyone heard of anyone implementing a policy that would require the
> software vendor's authorization to due this type of testing?

Depends on the software license, i.e. "reverse engineering" is
prohibited, but a vendor may be willing to release this information
under NDA?

It is easier to negotiate this during procurement e.g.

Christian Heinrich

More information about the OWASP-Leaders mailing list