[9718] in bugtraq
Re: OT: Copyright on Security advisories
daemon@ATHENA.MIT.EDU (Doug Granzow)
Mon Feb 22 00:42:34 1999
Date: Fri, 19 Feb 1999 14:57:18 -0500
Reply-To: Doug Granzow <dgranzow@GUNZOUR.ISBU.DIGEX.NET>
From: Doug Granzow <dgranzow@GUNZOUR.ISBU.DIGEX.NET>
X-To: Aviram Jenik <aviram@JENIK.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <36CC5376.27F8B73A@securiteam.com>
On Thu, 18 Feb 1999, Aviram Jenik wrote:
> So what are my options (mine, and all the other folks who want to
> publish this information)? The way I see it, I can only do copy & paste
> of this information into an html page (including the PGP signature!!!),
> and put it on-line.
> I agree that this advisory has a very nice design to it, but it's way
> different from the design of our web pages. The content is also
> different. The target audience is different. These advisories are
> usually long, and very technical. Our articles are short, and less
> technical.
Copyrights do not prohibit you from referencing or summarizing the
copyrighted work, as far as I know. A copyright protects the document
itself, it does not protect the facts presented in the document.
It doesn't sound to me like anything you are doing or wanting to do
violates any copyright. If you want to shorten and summarize the
advisory, you should feel free to do so, so long as you make it clear
that your document is not the original, give credit where credit is due,
and provide a reference to where someone can locate the original advisory.
There is a very good reason to copyright, PGP sign, and prohibit
modifications to security bulletins. When people start paraphrasing and
editing security bulletins, there is a pretty good chance that the
accuracy of the information is diluted, if not completely destroyed.
Well-written advisories are usually very carefully worded to provide
accurate information. (Unfortunately it seems that more and more often
they are also carefully worded to promote a product or an organization of
some sort.)
Doug Granzow
- I am not a lawyer. My opinions are my own, not my employer's.
