I have a simple question: if a client asks a developer to develop penetration testing / security-related software and is ready to accept the EULA which comes with the software, does that protect the developer? If the client misuses the software and violates the terms in the EULA, is the developer safe and not held responsible?

Thanks guys, I chose this topic for an assignment and I would be most grateful for some professional help.

tikko

2 Answers

If you suspect or should reasonably suspect that the customer will violate the license agreement to do something illegal, then the license will not protect you.

Use common sense. If Walmart hires you to write software to check the security of their 100,000 cash registers, you can do that, and if one rogue employee uses the software to commit a crime, that's not something you would have expected.

If I hire you to write the same software, you should think "why is he paying all that money to test 100,000 cash registers that are none of his business?" It's obvious that I'm up to no good, and no license agreement will protect you.

Tikko: You asked "What about an electronically signed agreement stating the developer is not responsible?" Think about it: If you write software that a criminal then uses to steal my money, do you think I care one bit that the criminal said you are not responsible? Do you think a judge will care one bit that the criminal said you are not responsible?

In the end, the only thing that will protect you is checking out the potential buyer to make sure that they are legitimate, and walking away from sales where you are not sure they are. Since nobody is allowed to use any software to commit a crime, because people are just not allowed to commit crimes, a EULA stating this will not protect you.

gnasher729

An EULA saying that the software should not be used for illegal hacking might offer some slight protection, but probably not much. A specifically negotiated agreement detailing that the software is to be used for penetration testing and the legitimate purpose for which the client intends to use it would offer significantly more protection.

But if, under all the circumstances, the developer knows or reasonably should suspect that the software will be used illegally, then the developer might be found liable. If a reasonable developer would refrain because s/he knew or suspected a plan for illegal use, no signed agreement will protect the developer.

David Siegel