& cplSiteName &

Feds Grant Cisco an Injunction

Light Reading
News Wire Feed
Light Reading
7/29/2005
50%
50%

SAN JOSE, Calif. -- Cisco Systems’ response to the Federal District Court’s issuance of a permanent injunction against Michael Lynn and Black Hat, Inc. from further disclosure of code and code pointers that could aid in the development of an exploitation of a network infrastructure:

We are gratified with the court’s actions. Cisco and ISS took action only as a last resort, to stop continued irresponsible public disclosure of illegally obtained proprietary information.

Cisco’s actions with Mr. Lynn and Black Hat were not based on the fact that a flaw was identified, rather that they chose to address the issue outside of established industry practices and procedures for responsible disclosure. It is Cisco’s opinion that the method Mr. Lynn and Black Hat chose to disseminate this information was not in the best interest of protecting the Internet.

The court’s order includes reference to the fact that ISS and Cisco had prepared an alternative presentation designed to discuss Internet security, including the flaw which Lynn had identified, but without revealing Cisco code or pointers which might help enable third parties to exploit the flaw, but were informed they would not be allowed to present that presentation at the conference. Once the stipulated permanent injunction is entered by the Court, Cisco and ISS will execute and file a dismissal of the Action against Michael Lynn and Black Hat, Inc.

In accordance with industry guidelines, Cisco, like other companies, generally does not release security notices until enough information exists to allow customers to make a reasonable determination as to whether or not they are at risk and how to mitigate possible risk. To clarify confusion caused by Lynn’s irresponsible disclosure and resulting customer concerns, the company is following its standard process for disclosing security concerns. Cisco plans to communicate with its customers and partners by issuing a security advisory within the next day.

Cisco Systems Inc.

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Featured Video
Flash Poll
Upcoming Live Events
September 17-19, 2019, Dallas, Texas
October 1-2, 2019, New Orleans, Louisiana
October 10, 2019, New York, New York
October 22, 2019, Los Angeles, CA
November 5, 2019, London, England
November 7, 2019, London, UK
December 3, 2019, New York, New York
December 3-5, 2019, Vienna, Austria
March 16-18, 2020, Embassy Suites, Denver, Colorado
May 18-20, 2020, Irving Convention Center, Dallas, TX
All Upcoming Live Events