
Regulators seek to limit security software exports

Maria Korolov | July 20, 2015
The rules, as written, would severely restrict international sales, deployment, research and even discussion of cybersecurity tools and exploits, experts say.

"It is likely that the new rules will hinder those fighting against cybercrime much more than it slows the spread of malware," he said.

"At the end of the day, we all know that a true malicious individual or organization would certainly not abide by the requirements," said Anthony Catalano, a consultant at SecureState. "Thus, leaving enforcement, punishment, and operational waste to those who are following the rules."

But, as currently written, the regulations would have a lot of adverse impact on legitimate business.

"If I buy software from a foreign vendor, and I find a flaw in that software, I would not be able to tell the vendor about that flaw without running afoul of these regulations," he said.

Or say there's a company, a bank for instance, that provides anti-virus or browser security for its customers -- these tools could fall under the new export licensing requirements, said Synack's Kuhr.

"An anti-virus solution has to subvert the normal operations of software and block calls to the operating system," he said. "But it has a very benevolent purpose."

Bug bounty programs could also be adversely affected, said Chris Eng, vice president of research at security vendor Veracode.

"Any vulnerability details, including proof-of-concept exploit code needed to test for the existence of vulnerabilities, could be subject to export restriction," he said.

 
