December 7th, 2007

Autonomy threatens legal action over vulnerability alert

Posted by Ryan Naraine @ 3:55 am

Categories: Botnets, Browsers, Data theft, Exploit code, Hackers, Metasploit, Passwords, Punditocracy, Responsible disclosure, Zero-day attacks

Tags: Autonomy Corp. Plc, Vulnerability, Secunia, Security, Ryan Naraine

Unhappy with Secunia’s plans to call attention to an already-patched vulnerability in its KeyView product, enterprise search vendor Autonomy is threatening to wield the legal hammer.

According to back-and-forth correspondence released by Secunia, the San Francisco-based Autonomy is threatening legal action to force the flaw alert aggregator to “suppress significant information about vulnerabilities in [its] products.”

Secunia CTO Thomas Kristensen offers the background:

Autonomy wants Secunia to withhold information about the fact that vulnerability SA27835 in Keyview Lotus 1-2-3 File Viewer, which has been fixed by IBM, obviously also affects Autonomy’s own versions 9.2 and 10.3 of KeyView.

According to Autonomy, publishing an advisory would be misleading and cause confusion because the issues already have been fixed; in fact, they believe that this would cause the public to believe that there are more issues in their product than is the case!

Kristensen released the full text of six letters between Secunia and Autonomy’s attorney to spell out the claims and counterclaims.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.


Talkback (most recent of 11)

Not at all.
Get the word out that an exploit exists, publicize that a new version of XYZ exists, but don't post exactly how to exploit it, including example code, etc.

I do remember a blog entry (might hav...
Posted by: TripleII Posted on: 12/08/07