If you read the brief the prosecutor said that had he said "Have a nice day" or "Tornado is great" there wouldnt have been a case. The prosecutor himself said this was over content.

The trial had nothing to do with retaliation (nor did the sending of this advisory out, 8 months after quitting there).

And another point, so what if it is retaliation to reveal a real (as the company testified to) security problem? Should someone goto jail because they tell people that there is a problem and how to protect themselves? Bret specifically did not tell the world (which would be mostly people that would break in) that a specific site had a problem, he instead told only those affected.

Bret also worked for hours trying to help this company fix problems, something he did on his own time (ie he wasnt being paid). This was mentioned by a couple of employees at this company during trial.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/6643/21192#21192