[Infowarrior] - Legal Threats Against Security Researchers

Richard Forno rforno at infowarrior.org
Tue Jan 20 14:47:04 UTC 2009


http://attrition.org/errata/legal_threats/

Legal Threats Against Security Researchers

How vendors try to save face by stifling legitimate research

It has been clear for years that businesses have dropped ethics in favor
of profit. Protecting the bottom line is usually more important than  
doing
the right thing, even if it means providing a better product to their
customers. Companies fear negative publicity, especially if said  
publicity
challenges the security of their products. It doesn't matter that just
about every company and product ships with numerous vulnerabilities, and
adding security is a band-aid solution rather than an integral part of  
the
development life cycle. Rather than work with researchers who are
frequently providing what would otherwise be high-dollar specialized
consulting for free, some companies opt to go take the muddy road and
pursue legal action against the researchers. This action is one of
desperation, and attempt to silence and stifle legitimate research and
free speech. Invariably, this ends up being a huge negative PR move,  
much
worse than what would occur with the publication of said research  
without
the legal murk.

[Table with companies, researchers and incidents]


http://attrition.org/errata/legal_threats/


More information about the Infowarrior mailing list