During the last year, I discovered numerous bugs in different commercial anti-virus products. All of those bugs have been reported to the vendors and have been fixed by now.

I always wanted to share at least the interesting parts of my results publicly. Now I have finally found the time to do so [1].

However, I see two main issues concerning my plan.

First, it is very difficult to ensure that a bug I found does not exist in other software systems. This is particularly delicate with anti-virus software, because those products are linked statically to a large number of widespread libraries. For example, a bug in the decompression code of some archive format may easily affect a myriad of other systems.

Second, in order to explain the cause of a bug properly, I plan to disclose some of the software's internals (mostly disassembly). It is unclear whether this is already enough to infringe a copyright law (such as the DMCA).

It is not clear at all to me what the legal situation looks like. I'm not affiliated with any large company, and I obviously cannot afford to be sued personally.

The exact legal situation might be unclear, but any kind of experience or story would help in estimating the risk I am taking, because in the end it comes down to this: is the likelihood of being sued low enough?

[1] https://landave.io/2017/06/announcing-a-new-blog-series-on-anti-virus-software/