• United States



by Paul Kerstein

Cisco, Security Researcher Settle Dispute

Jul 29, 20051 min
CSO and CISOData and Information Security

Cisco Systems and Internet Security Systems reached a settlementThursday with a researcher who quit his job so he could deliver aspeech on a serious flaw in Cisco software that routes data over theInternet. The Boston Globereports that Michael Lynn, who left his job at Internet SecuritySystems hours before his speech, agreed never to repeat the informationhe gave at the Black Hat conference in Las Vegas on Wednesday. He alsomust return any proprietary Cisco source code in his possession. Theincident highlights the issue of when to go public with a securityproblem. Security firms and computer vendors generally agree to do sowhen there’s a patch available. Although the flaw was patched in April,it’s possible that the same technique could be used to exploit othervulnerabilities in Cisco routers. Read more.