The American security firm FireEye, which recently in the news as a trainee developed malware, has now sued a German security firm for the information to be published about several vulnerabilities in the software of FireEye.
German ERNW discovered earlier this year, five vulnerabilities (pdf) in the Malware Protection System (MPS) of FireEye.Through one of the vulnerabilities could allow an attacker access to the system. ERNW FireEye inquired in April about the problems. After 90 days, the German company was planning to put an advisory on vulnerabilities out. Other companies like Google use a deadline of 90 days for information leakage is brought out.
Advisory
FireEye found that ERNW in the advisory had placed too much information on the operation of the MPS. According to the German company was necessary to better understand the context of the vulnerabilities. ERNW finally decided to remove the details right from the advisory. According Enno Rey, founder of ERNW, both companies had in August reached an agreement on the final text of the advisory. Rey was with some colleagues went to Las Vegas to discuss the situation with FireEye there in person.
Less than a day later FireEye however sent a 'cease and desist' letter, which ERNW was accused of violating intellectual property. FireEye also stated in the letter that there was no agreement between the two sides reached. Before ERNW could respond FireEye had already gone to a German court to seek an injunction, which the company received as well. This annoys Rey.
"We think it's an inappropriate strategy to complain that report vulnerabilities responsibly to researchers," as the late founder in a blog posting know. He also says that they had shaken that nothing would be published with permission FireEye hands.Rey is also very disappointed in the way the US security and argues that this sends the wrong signal to researchers. The vulnerabilities in the software of FireEye have been patched.
No comments:
Post a Comment