2005-08-22
When security researcher and ISS employee Michael Lynn went to give a presentation at the Black Hat conference in Las Vegas, little did he know he would ignite a legal firestorm questioning whether even the act of looking for security vulnerabilities violates the law.

The truth is that Cisco sued Lynn to stop his bad-marketing speech. In fact Lynn was claiming that that bug was fully exploitable to get a shell, while Cisco said it could cause only a DoS.
So all of your story about doing things with "responsible disclosure" is wrong, because as soon as you accept the EULA the company can sue you for reverse-engineering. It's only up to them.
It doesn't matter if you gave them 60 days to release a patch or what. They can sue you. Any day.
Link to this comment: http://www.securityfocus.com/comments/columns/349/32267#32267