"Security researchers in Germany continued to pull down exploit code from their sites last week, scrambling to comply with a German law that makes illegal the distribution of software that could be used to break into computers.

The German law -- referred to as 202(c) -- went into effect on Sunday. Many experts have complained that the language of the law is very unclear, but a strict reading appears to make illegal the distribution, sale and possession of security tools which could be used to commit a crime.

In the latest move, PHP security professional Stefan Esser removed on Friday all exploit code from his Web site dedicated to the Month of PHP Bugs. While reasonable prosecutors would not likely pursue security researchers, the risk is too great, Esser stated.

"The big problem is that the (law) is not clearly written; it allows too much interpretation," Esser stated in the comments to the post. "While our government says that they do not want to punish, for example, hired penetration testers, this is not written down in the law."

Story Link: http://www.securityfocus.com/brief/567