[attrition] errata: Legal Threats Against Security Researchers

security curmudgeon jericho at attrition.org
Tue Jan 20 04:48:40 UTC 2009


http://attrition.org/errata/legal_threats/

Legal Threats Against Security Researchers
How vendors try to save face by stifling legitimate research

It has been clear for years that businesses have dropped ethics in favor 
of profit. Protecting the bottom line is usually more important than doing 
the right thing, even if it means providing a better product to their 
customers. Companies fear negative publicity, especially if said publicity 
challenges the security of their products. It doesn't matter that just 
about every company and product ships with numerous vulnerabilities, and 
adding security is a band-aid solution rather than an integral part of the 
development life cycle. Rather than work with researchers who are 
frequently providing what would otherwise be high-dollar specialized 
consulting for free, some companies opt to take the muddy road and 
pursue legal action against the researchers. This action is one of 
desperation, an attempt to silence and stifle legitimate research and 
free speech. Invariably, this ends up being a huge negative PR move, much 
worse than what would occur with the publication of said research without 
the legal murk.

[Table with companies, researchers and incidents]
