Imprison The Messenger

from the how-nice dept

Why does this keep happening? Security professionals publish info on some kind of exploit, and instead of people seeing the software company that designed bad software as the problem, everyone blames the person who outed the vulnerability. Obviously, there is a question of whether or not a security researcher should first inform the company in question of a vulnerability, but the idea of blaming the messenger is absolutely ridiculous. It's a "head in the sand" approach, which guarantees that (a) security holes stay open longer and (b) it's easier for those who want to exploit holes for malicious purposes to use them. Over in France, a researcher is now facing jail time for publishing some security flaws in an anti-virus program and noting that the company's claim to protect users from 100% of viruses was clearly false. The company in question isn't suing him for some sort of security breach, but for copyright infringement. Yes, apparently, the company is using copyright infringement not to protect its intellectual property, but to defend the reasons why it wanted to keep its software insecure for a longer period of time.


Reader Comments



  1. Anonymous Coward, 11 Jan 2005 @ 6:39am

    No Subject Given

    There's a law review article on this topic.


  2. Jared, 11 Jan 2005 @ 9:37am

    Media

    Why does the media explain in detail how to replicate (basically) possible terrorist attacks?

    Same principle - stupid media.


  3. Mikester, 11 Jan 2005 @ 1:09pm

    hmmmm..

    So does anyone who finds a flaw on a website using McAfee's SiteDigger tool risk going to jail too?


