After attending both BlackHat and Defcon conferences, taking into account all the various versions of the Mike Lynn/ISS/Cisco topic, no one has discussed the fact that Mike Lynn violated Non-Disclosure Agreements that he had signed with ISS when he joined. That alone is a major issue, how does an employer trust the people they employ? Who cares if Mike Lynn thought releasing the information he researched at ISS?? When Mike Lynn releases that any company that is considering employing him and does a thorough background check on him, including speaking with previous employers, personal references and a small bit of googling they will realize he cannot be trusted with proprietary information? Another issue that has garned lots of attention recently are network consulting companies and brick and mortat companies policies on hiring of "known" hackers regardless of the color of the hat (grey, black, white). These type of companies would rather someone with less experience but has the integrity of adhering of understanding the basic premise of a Non-Disclosure Agreement and the financial implications of violating those type of agreements in a proprietary nature of security exploits or disclosure. If Mike Lynn is provided with another opportunity of employment, I am sure he will be more careful even though the crowd cheered at Blackhat, after the cheers fade, no one has asked Mike Lynn if it was worth it?

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/345/32238#32238