[Owasp-leaders] Legality of dynamic scanning

Christian Heinrich christian.heinrich at owasp.org
Thu Nov 3 20:10:28 EDT 2011


Keith,

On Fri, Nov 4, 2011 at 6:19 AM, Keith Turpin <keith.turpin at owasp.org> wrote:
> Has anyone heard of anyone implementing a policy that would require the
> software vendor's authorization to do this type of testing?

Depends on the software license, i.e. "reverse engineering" is
prohibited, but a vendor may be willing to release this information
under NDA?

It is easier to negotiate this during procurement, e.g.
http://www.sans.org/appseccontract/


-- 
Regards,
Christian Heinrich
http://www.owasp.org/index.php/user:cmlh

