Steve, did you even read Bruce's piece? They also say that he gave Cisco exactly the notice for which Hamm asks.
All the reports I've read, including this one from security expert Bruce Schneier - which Hamm linked to in his post - say that Lynn resigned in protest, not that he was fired. But, based on what has been published so far, I'd say Lynn crossed way over the line. I don't know all the details behind the story, so I may be all wet. Then it's okay for you to publicize the flaw to show how smart you are and get good press for the security firm you work for.
#STORYO 2.0 SOFTWARE#
But, typically you tell the software maker about them first, and give them plenty of time to fix them, so their products can be patched before much harm is done. Hey, it's good to expose flaws in software so they can be fixed. Cisco sued him and the conference organizers.The matter was settled out of court Thursday when Lynn agreed never to repeat the information he imparted in his Black Hat presentation and handed over any Cisco software code he had. According to published reports, what happened was Michael Lynn, who started off the week as a security researcher at Internet Security Systems, defied ISS and Cisco by putting on a presentation at the conference that explosed a flaw in older versions of Cisco's Internet Operating System. BusinessWeek blows the Michael Lynn storyīusinessWeek's Steve Hamm completely blows the Michael Lynn/Cisco IOS vulnerability story in his "Tech Beat" blog entry, which he titled, "The Black Hats must be gloating": The Black Hat conference blow-up is really disturbing.
0 kommentar(er)
