SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
1.36k stars, 161 forks

License is hostile to security researchers #160

Closed. initstring closed this issue 2 years ago.

initstring commented 2 years ago

Hi team Vectr!

Thanks again for your hard work. We are in the process of a security review as we expand our usage of the Vectr software. Something that came up was this clause in the license:

[image: screenshot of the license clause in question]

We were very surprised to see this clause given the nature of the audience it targets. As red teamers ourselves, we make it a point to be curious about the software we use, analyze it in depth, etc. Attempting to prohibit this activity is not only a red flag from a vendor, but it is the type of policy that can ultimately hurt the security of the software, as you have fewer people looking for bugs.

Is it possible this portion made it into the license by way of a standard template? Would you consider removing or revising this clause?

Thanks again!!!

pwainwright commented 2 years ago

Thanks for raising this issue. We agree this is overly restrictive and unnecessary. We encourage internal teams to find as many bugs and security defects as possible and report responsibly, including any kind of pen testing and deeper analysis. We will remove this clause and look to post the updated EULA next week.

initstring commented 2 years ago

@pwainwright - thanks for your quick and thoughtful response, as always. I look forward to the update.

Best wishes to you and the team!

carlvonderheid commented 2 years ago

@initstring - the EULA has been updated.

initstring commented 2 years ago

@carlvonderheid

Wow, that was quick! I know that modifying a legal document is no small task and really appreciate that you all took the time to do this. As always, we are thankful for your hard work and this excellent product.

Have a great day!