The story of Michael Lynn, a security researcher at Internet Security Systems (ISS) who quit his position there in order to give a presentation on a now-patched flaw in the Internetwork Operating System (IOS) software used to power Cisco's routers, has seemingly been resolved for the moment. Both he and Black Hat (which gave him a venue for the talk) are off the hook now, thanks to an agreement reached late yesterday.
Cisco's approach of trying, seemingly at all costs, to silence Lynn on how he reverse-engineered Cisco's software to exploit a known flaw has received unfavourable responses from the security community.
"I am afraid that this controversy will be a setback for security researchers and the full disclosure concept," Fletcher said. "I understand the fact that companies need to have time to patch problems before they are released to the entire world, but it is also important that the world receive this notification within a reasonable time period of the discovery."
"Many of the people working in the trenches to keep our networks secure are very frustrated at the lack of support from their vendors and their employers when it comes to plugging holes like this one," said Stephen Cobb, author of Privacy for Business.