
Interesting People mailing list archives

Attempt to muzzle MIT subway research backfires will companies EVER learn
From: David Farber <dave () farber net>
Date: Tue, 12 Aug 2008 18:37:54 -0400



Begin forwarded message:

From: "B.K. DeLong" <bkdelong () pobox com>
Date: August 12, 2008 5:41:50 PM EDT
To: dave () farber net
Subject: Re: [IP] Attempt to muzzle MIT subway research backfires

Dave -

For IP, if you wish.

Year after year, I am incredibly surprised at the amount and types of companies and organizations that have a knee-jerk reaction to a vulnerability or security hole being presented at either the Black Hat or DEFCON security events. Do PR professionals, crisis response managers, or corporate image specialists do their homework? Why isn't there an industry case study that says the fastest way to HELP a vulnerability in your software or product get absolute full and fast disclosure before you have time to fix it, is to try and stop it being discussed at one of these two events?

In the MBTA's case, they hit the absolute pinnacle by filing a lawsuit in Federal court setting off a trigger to both the cadre of journalists, security researchers, civil libertarian activists, and hackers to begin doing everything in their power to make sure the story gets heard and (in some of their minds), the vulnerability gets exposed.

The Public Relations Society of America should send out a brief every year in mid-July to remind them of the forthcoming security conferences and how extremely public attempts to quash research that may appear to be harmful to an organization's image will backfire horribly. In some cases, even quiet attempts to stop it could be detrimental as well.

It should serve to all companies and organizations across the country (and world) that maybe in the long run cooperation with these researchers very early on (or at least as soon as the talks are announced every year) is the best way to ensure proper lead time to put together patches while allowing for full disclosure of the vulnerabilities that may affect a product's userbase.

Why does no one seem to be getting the hint until after it happens to them?

On Tue, Aug 12, 2008 at 5:23 PM, David Farber <dave () farber net> wrote:

Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: August 12, 2008 5:05:38 PM EDT
To: dave () farber net
Subject: ABC News: Attempt to muzzle MIT subway research backfires


http://abcnews.go.com/Technology/story?id=5564423&page=1



--
B.K. DeLong (K3GRN)
bkdelong () pobox com



