06.08.2005 21:26

Lynn's case

Last week and eartly this week one case was very widely discussed in the security world. Schneier's blog has a good post about the orginal presentation and a followup.

When you read all the docs, the case is rather simple. He found a bug in Cisco software. Cisco was notified, patch released. After a number of months his company decided that he should make a presentation about it. Very close to the presentation term things became worse. Presentation was nearly cancelled, author left his company and was sued by Cisco.

Why? I have no idea. Bug patched. It's true that not everyone patches their equipment because of trouble it causes. Is it a good reason to stop a publication of bug details? I think it's not.

If you think you understand it all, let me know.

Materials: presentation text and photos, Wired interview. Read, watch and decide yourself.

Posted by Mara | Categories: Security