disclose / research-threats

Collection of legal threats against good faith Security Researchers; vulnerability disclosure gone wrong. A continuation of work started by @attritionorg
https://threats.disclose.io/
Creative Commons Zero v1.0 Universal

FireEye & RazorEQX #23

Open attritionorg opened 3 years ago

attritionorg commented 3 years ago

There are two FireEye incidents already. In the HTML comments I have had this for a while and tried to get more details on Twitter:

https://twitter.com/RazorEQX/status/642124276573859841 I came under fire from [FireEye] just over a year ago for disclosing a bug they didn't seem important to fix.

https://twitter.com/RazorEQX/status/642125189904470016 Let me talk to the attorney that defended me. I lost a job over it.

Here's where I asked if it was one of the incidents:

https://twitter.com/securityerrata/status/643246845922250754

https://www.forbes.com/sites/thomasbrewster/2014/07/09/researcher-i-was-suspended-for-finding-flaws-in-fireeye-security-kit/?sh=6368bb336f77

Kind of surprised people still report vulns to FireEye after the other known incidents.

sickcodes commented 2 years ago

I can already see this one:

| 2014-07-09 | FireEye | Jean-Marie Bourbon | Security flaws in FireEye's Malware Analysis System | According to Forbes, after sending details of the vulnerabilities to be posted on Exploit-DB, Bourbon was suspended from his day job, due to pressure from FireEye who has denied involvement. Ultimately, FireEye patched the issues, released an advisory, and credited Bourbon. |