Foundstone Shoe On Other Foot

Cimmer writes "One of the premier hack shops (to pun or not to pun) gets busted for unethically ethically hacking. After filing a lawsuit against former employee JD Glaser for supposedly jacking company source code, Foundstone gets nailed for massive internal software piracy. Tonight's entree: Foot in Mouth."

Corporate piracy is evil

[Graspee_Leemoor]

Corporations who use one legal copy of software to install on all their company machines are doing damage to open-source.

Think about it: If it were impossible for them to just rip-off Windows, Outlook, Office, Ultraedit etc. they would use Linux, Evolution, OpenOffice, Scite/emacs/vi/whatever, since they obviously don't want to spend any money on software.

graspee

Re:Corporate piracy is evil

[Graspee_Leemoor]

"A security company researching vulnerabilities must have at their disposal a huge quantity of software."

Which they can buy with the huge quantity of money they get from clients.

"...it does not surprise me that such a company would commit copyright infringement in order to get some piece of software they will only use for a short time while testing something."

If they are testing it for a client they can factor the price of the software into the price they charge the client. If they are just researching it to advance the state of knowledge in the company then they can buy it from company funds.

"After all how many amateur bug finders have the bucks to properly license all of the software they test"

These are not amateur bug finders though, they are a "professional" company.

The bottom line is that nearly every business will do everything they can to maximise PROFIT, even if it means limiting the ability of other people to do the same.

Remember the 169th rule of acquisition:

"Competition and fair play are mutually exclusive.".

graspee

Winzip

How many of you run Winzip without a valid license?

Re:winzip license

[IvyMike]

• Anti-piracy method 1: Spend a lot of time and effort trying to keep ahead of the serial# spreaders and/or crackers, yet still fail pretty miserably, as every other program out there does. Only the honest people actually pay.
• Anti-piracy method 2: Sit back, drink a beer, don't give a rat's ass, and the honest people still pay.

Personally, I think WinZip's got the right idea.

On fear.

[mindstrm]

Partly, it's the way people act that causes fear.

I guarantee if someone that good acts very professionaly, doens't brag about what they do, and keeps a low profile with regard to their skills, they won't have problems. If you present yourself as a rogue living on the edge, people will not trust you.

An employer will not fire you JUST because you know how to pick a lock, but the fact that you constantly talk about what locks you picked might scare him a little.

Bad for the industry, not just slashdot

[akad0nric0]

This does not bode well for the industry as a whole. Think about how many companies share Foundstone's silhouette - young company, killer app, grows fast from nothing - like netForensics, ISS, et. al.

In my experience as a security analyst, the industry is chock full 'o great products that large companies hesitate to invest in because they're not IBM, Symantec, or the like. Giving 6 digits of cash to a company that could concievably go under in a year is a hard sell on my boss's boss (who signs the contracts) - and with good reason. As a result, we're left with awesome support for products that aren't always the best (IBM), or worse yet, crappy products with no support from a big company (CA).

By doing this, Foundstone has hurt a good chunk of the industry holding some great products, and by association (albeit to a lesser extent) hurt end-users of security apps like me.