[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Fwd: NDA & SOX?

To: Christoph Gruber <grisu@xxxxxxx>
Subject: Re: [Full-disclosure] Fwd: NDA & SOX?
From: Jason Coombs <jasonc@xxxxxxxxxxx>
Date: Sat, 12 Mar 2005 09:01:55 +1300

Christoph Gruber wrote:
> If a manufactorer of software gets to knowledge of a certain weakness
> (vulnerability), does he have to inform the public immediatly?
> Is it even worse, if the manufactorer forces everyone, who has
> knowledge about that thing, to sign NDAs?

Let me take your question a little further... Suppose you are a "Director" of a public company, and you have knowledge of design flaws and vulnerabilities designed into a software product on purpose?

The flaws harm investors, they harm the public, they harm information security in general. They are unethical. You inform the company that the flaws exist, and nothing is done about them. Instead, you're slowly but forcefully pushed out of the company.

You've signed an NDA.

What do you do?

Regards,

Jason Coombs
jasonc@xxxxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Fwd: NDA & SOX?
  - From: Rob
- RE: [Full-disclosure] Fwd: NDA & SOX?
  - From: Aditya Deshmukh
- Re: [Full-disclosure] Fwd: NDA & SOX?
  - From: Nancy Kramer

References:
- [Full-disclosure] Fwd: NDA & SOX?
  - From: Christoph Gruber

Prev by Date: Re: [Full-disclosure] Multiple Vulnerabilities of PY Software Active Webcam WebServer
Next by Date: Re: [Full-disclosure] Stealing Free Articles and Auctioning It
Previous by thread: [Full-disclosure] Fwd: NDA & SOX?
Next by thread: Re: [Full-disclosure] Fwd: NDA & SOX?
Index(es):
- Date
- Thread