FireEye takes security firm to court over vulnerability disclosure

  • 11 September 2015

Sep 11, 2015  By Jeremy Kirk
 
A spat between two security companies shows just how sensitive reporting software vulnerabilities can be, particularly when it involves a popular product.
 
The kerfuffle between FireEye and ERNW, a consultancy in Germany, started after an ERNW researcher found five software flaws in FireEye's Malware Protection System (MPS) earlier this year.
 
One of the flaws, found by researcher Felix Wilhelm, could be exploited to gain access to the host system, according to an advisory published by ERNW. 
 
As is customary in the industry, ERNW contacted FireEye in early April with details of the problems. 
 

2 replies

Posted on 11 September 2015. Felix Wilhelm, a researcher with German security firm ERNW, was scheduled to give a talk at 44CON on Thursday about the critical vulnerabilities he and his colleagues found in a FireEye NX device running the webMPS operating system. And he did - but unfortunately part of his talk was ultimately censored by FireEye.

The group discovered the vulnerabilities earlier this year, shared their findings with FireEye, and helped them plug the holes. Once that happened, the group wanted to share their research with the security community. They did so by publishing some detail in September via a newsletter, and scheduled the aforementioned talk with 44CON.

But, at the last moment, Wilhelm had to censor part of his presentation, as FireEye asked the Hamburg regional court for, and was granted, an injunction that prohibited ERNW from publicly sharing details about the software's architecture.

By Thomas Fox-Brewster
 
 The $6 billion-valued security firm FireEye is fending off plenty of criticism this week. All of it is coming from a security community outwardly aghast at its approach to dealing with researchers hoping to expose flaws in the company’s malware-blocking tech.    
 
 http://www.forbes.com/sites/thomasbrewster/2015/09/10/fireeye-slammed-over-injunction/
