evance

Germany's recently enacted law that prohibits the creation, distribution and possession of hacking tools is causing no small amount of consternation among the security industry. The aim of the law is to ensure the safety of corporate networks, however the result is anything but clear.

First, many hacking attacks on a corporate network come from countries other than where the target exists. A German law will do little, if anything, to protect a German target whose attacker is located in China, Egypt or North America.

Second, most Network security professionals use hacking tools to develop a deeper understanding of the vulnerabilities which they need to remedy. By banning to tools of the trade, so to speak, the law may perversely make it more difficult for German companies to secure their networks.

Third, aside from the "professional development" issue, there's a complementary research issue that must be addressed. Overall, professionals can't learn from coding errors they can't see, and the law seems to grant an unfair advantage to those individuals whose intentions are less than honorable. Unfortunately, the law does not make exceptions for research and security development, when it comes to the possession of hacking tools. If anything, the law lends an air of invincibility to those hackers who are determined to play that game.

The initial side-effects of the law include the migration of network security companies and resources out of Germany.