J. M. Seitz wrote:
> On a related note, does anyone have an example where Company A was
> disclosing vulnerabilities about competing Company B's product and got into
> trouble over it? Is this something that could be litigated?
In fact, Tom Ptacek found a hole in one of Marcus' products while
working for a competitor. I suspect Tom reported it properly, though.
This research pissed MJR off to no end, which he made clear at one Black
Hat talk he gave, with Tom standing at the back of the room.
I suspect this was a key point in MJR's life when his code got touched
in an inappropriate way, and has led to his current level of curmudgeonry.
Or, for a more contemporary example, witness Symantec researchers
looking for holes in just about everything.
I fail to see any merit for a legitimate lawsuit. Of course, in the US,
you can sue whomever you please.
BB
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
