Will you get sued for finding a vulnerability? In their EULAs, manufacturers widely prohibit decompiling source, a core step in finding most vulnerabilities.
In this report, IPVM examines:
- Prohibitions against reverse engineering from Axis, Hikvision, Dahua, Avigilon, Cisco, Huawei, Samsung, Google, and Apple
- Prohibition to protect IP
- Dahua's special 'confidentiality restrictions'
- Security researcher sued by Cisco and ISS for decompiling
- Court decisions on prohibition's enforceability
- Legal protections for security researchers
- Comments from Dahua, Cisco, Axis, and Motorola Solutions