Free speech suppression or ...?
by Anton Chuvakin
Well, the other commentator described it as "dumb", and yet more people called it "abhorrent" and "equivalent to suing a whistle-blower", but one database company actually threatened a vulnerability research firm after it shared the flaw information with the software vendor (!) and also had a policy of publishing flaws. It does look pretty dumb, but is the software vendor considering all the risks of such "strong-arming"? I see such behavior as incredibly risky, since I suspect future researchers will not come to the vendor with their findings; they will just leak them and let the database customers be "owned" without a chance of protection...
You'd think Sybase would be glad for any kind of non-bad publicity. And if not for their legacy customers, they'd soon be getting the one bad kind.