> At the request of the manufacturer of ISS, we have removed all of their
> code from our scanning service. Even though ISS was clearly marked as
> being used, the author didn't feel we gave adequate credit or pointers
> and because we made our software available with a copy of their free
> version for a modest fee ($100) which doesn't even cover costs, that we
> were unfairly making a profit from their efforts.
The problem isn't that you are charging $100 for my program with some
additional scripts for web and checks, it is the fact that you broke the
only two constraints I had in my copyright.
1. Do not pretend you wrote it. In several announcements, you say your
company developed Vulnerability Testing code, to only fail to mention you
were using ISS as the basis of your engine.
2. Do not make any money off of my code. Not only were you charging for
repeated scans using my software, you are selling my demonstrational code.
It is bad enough to totaly abuse the copyright, but then to never even
notify the author of the code what you were doing shows a lot of integrity.
> Naturally, we have rewritten and replaced all of the functions of ISS
> as well as augmenting those functions with improved reporting to assure
> that those who use our free scanning service aren't as increased risk.
> I just wanted to publicly make certain that everyone knew that the scans
> performed before today used ISS, so that there is no misunderstanding.
I just performed the new improved scan that you offer and not only did
it do the exact same checks in the exact same order that it did when
you were using ISS, it is the exact same format of output. The
only difference I noticed was you removed any mention of ISS. That
is hardly considered an improvement.
You must have read the Greencard lawyers' Guide to Doing Business
on the Internet. What a coincidence you charge a $100 for something
that is already free. To save $100, you can get ISS v1.3 from
http://iss.net/iss which does a deeper scan than all.net's testing
Christopher William Klaus Voice: (404)441-2531. Fax: (404)441-2431
Internet Security Systems, Inc. Computer Security Consulting
2000 Miller Court West, Norcross, GA 30071