Tuesday, August 02, 2005

Responsible Disclosure: Ciscogate

For those who have not yet heard (which should be no one), Mike Lynn presented a flaw in Cisco routers at Black Hat 2005 that could bring the Internet to its knees. There are conflicting sides to the story, but the gist is that Cisco was trying to downplay the seriousness of the flaw and keep the researcher from disclosing the vulnerability. Responsible disclosure means that after a reasonable amount of time spent trying to work with the vendor, the researcher must disclose the vulnerability to the security community so that the flaw may be fixed or defended against. There are rumors that the Chinese have already been exploiting this flaw, which makes it imperative that the security community know about it.

