* James Baldwin:
On Jul 28, 2005, at 1:50 PM, Joseph S D Yao wrote:
Given that it was clear that Lynn had NDA access to the Cisco source code already, it seems pretty clear that the original poster wasn't even speculating that he had stolen it, but to potential exploiters' having done so. Eh?
Lynn did not have NDA access to the Cisco source.
But this bug was probably coordinated via IT-ISAC, and ISS, as its host organization, had access to some information provided by Cisco under NDA. ISS might have some kind of Chinese Wall, but depending on their contracts, this may or may not affected what they can disclose at what time. All in all, this doesn't look like the typical "vendor tries to squelch independent research" incident. I also wonder what the impact on the IT-ISAC information sharing club will be, and on the future of ISS as a company.