Mehr schlecht als Recht - Grauzone Sicherheitsforschung

Explore the legal gray areas surrounding security research in this 42-minute conference talk from the 35th Chaos Communication Congress (35C3). Delve into the challenges faced by two research teams who were served legal notices after uncovering vulnerabilities through reverse engineering. Learn about the complex legal battle that ensued, involving claims of copyright infringement and trade secret violations. Gain insights into the marathon 7-hour court process that resulted in a settlement requiring responsible disclosure. Examine the unresolved questions regarding the legality of reverse engineering for IT security research, potential copyright law violations, and the lack of protection for security researchers against legal action from manufacturers. Discover the considerations companies must weigh before publishing findings and gain awareness of the problematic legal landscape surrounding security research.