What happens when a vendor attacks a security researcher who points out security flaws in their software? On this episode, we talk about two white-hat security researchers who discover multiple vulnerabilities in a vendor’s software system. The vendor initially ignores their concerns until the FBI gets involved. It culminates in a physical attack by the vendor’s COO on one of the researchers. We look at all the details around the vulnerabilities, discuss common disclosure concerns and how the FBI has opened up a “Cyber Fusion” unit to act as a liaison between security teams and at-risk vendors.

Topics:

• Atrient has assaulted the security researcher who disclosed the vulnerability
• On reporting the vulnerability
• How the FBI got involved
• Vendor call with the FBI and the security researchers
• The Bug Bounty call
• The ICE Conference assault
• An email from Jessie Gill (Atrient COO)

Links:

Researcher Assaulted By A Vendor After Disclosing A Vulnerability Shodan Shodan wikipedia Dylan on Twitter Shodan Safari, where hackers heckle the worst devices put on the internet