Michael Lynn dispute reaches resolution

By Derek Sooman on
The story of Michael Lynn, a security researcher at Internet Security Systems (ISS), who gave a presentation on a now-patched flaw in the Internetwork Operating System (IOS) software used to power Cisco's routers, quitting his position at ISS in order to be able to do so, has seemingly been resolved for the moment. Both he and Black Hat (who gave him a venue to give the talk) are off the hook now, thanks to an agreement late yesterday.

Cisco's approach of trying, at all costs seemingly, to silence Lynn on how he reverse-engineered Cisco's software to exploit a known flaw has received unfavourable responses from the security community.

"I am afraid that this controversy will be a setback for security researchers and the full disclosure concept," Fletcher said. "I understand the fact that companies need to have time to patch problems before they are released to the entire world, but it is also important that the world receive this notification within a reasonable time period of the discovery."

"Many of the people working in the trenches to keep our networks secure are very frustrated at the lack of support from their vendors and their employers when it comes to plugging holes like this one," said Stephen Cobb, author of Privacy for Business.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.