[attrition] errata: Legal Threats Against Security Researchers
security curmudgeon
jericho at attrition.org
Tue Jan 20 04:48:40 UTC 2009
http://attrition.org/errata/legal_threats/
Legal Threats Against Security Researchers
How vendors try to save face by stifling legitimate research
It has been clear for years that businesses have dropped ethics in favor
of profit. Protecting the bottom line is usually more important than doing
the right thing, even if it means providing a better product to their
customers. Companies fear negative publicity, especially if said publicity
challenges the security of their products. It doesn't matter that just
about every company and product ships with numerous vulnerabilities, and
adding security is a band-aid solution rather than an integral part of the
development life cycle. Rather than work with researchers who are
frequently providing what would otherwise be high-dollar specialized
consulting for free, some companies opt to take the muddy road and
pursue legal action against the researchers. This action is one of
desperation, an attempt to silence and stifle legitimate research and
free speech. Invariably, this ends up being a huge negative PR move, much
worse than what would occur with the publication of said research without
the legal murk.
[Table with companies, researchers and incidents]