J. M. Seitz wrote: > On a related note, does anyone have an example where Company A was > disclosing vulnerabilities about competing Company B's product and got into > trouble over it? Is this something that could be litigated?
In fact, Tom Ptacek found a hole in one of Marcus' products while working for a competitor. I suspect Tom reported it properly, though. This research pissed MJR off to no end, which he made clear at one Black Hat talk he gave, with Tom standing at the back of the room. I suspect this was a key point in MJR's life when his code got touched in an inappropriate way, and has led to his current level of curmudgeonry. Or, for a more contemporary example, witness Symantec researchers looking for holes in just about everything. I fail to see any merit for a legitimate lawsuit. Of course, in the US, you can sue whomever you please. BB _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________