Core Technologies outs Citect to Associated Press-- is this ethical?

    June 11, 2008
    As I posted over on Joe Weiss' blog Unfettered, Core Technologies "reported exclusively" to the Associated Press about a buffer overflow vulnerability they found in CitectSCADA. The flaw is repaired, although, once again Core insists that it was "five months" before Citect responded to their notification. They made the same charge against Wonderware a month or so ago...but they didn't...
    As I posted over on Joe Weiss' blog Unfettered, Core Technologies "reported exclusively" to the Associated Press about a buffer overflow vulnerability they found in CitectSCADA. The flaw is repaired, although, once again Core insists that it was "five months" before Citect responded to their notification. They made the same charge against Wonderware a month or so ago...but they didn't ever say how they had tried to contact WW or Citect-- sending emails to "info@..." probably won't get there. My continuing problem with this is that I don't think what Core (and the other security companies that gain visibility, advertising, street cred, and whatever else they want in support of additional business) is doing is ethical. Encouraging somebody to exploit a previously unknown (and according to Core, unexploited) vulnerability in Critical Infrastructure seems to me to be a dangerous, and potentially deadly practice. That's what Core is doing-- and they are doing it to advertise their services as a security consultant. If I did that to gain more readership, I'd have people correctly questioning my ethics, you bet.  Walt

    Continue Reading

    Sponsored Recommendations

    Municipalities are utilizing inline total solids measurements to enhance sludge thickening, lower polymer usage and cut operational expenses.
    Carbon dioxide is increasingly recognized as a vital resource with significant economic potential. While the conversion of carbon dioxide into products is still in its infancy...
    Discover our wide range of temperature transmitters that convert sensor signals from RTDs and thermocouples into stable and standardized output signals!
    An innovative amine absorption-based carbon capture process enables retrofitting of existing industrial facilities to reduce emissions in hard-to-abate sectors, with advanced ...

    Latest from Home

    Skilled adult woman racing through the difficult course in the adventure park with ease
    Hands from diverse individuals work together to arrange large gears on a surface, symbolizing cooperation and collective effort for success in a business environment.
    Source: Endress+Hauser
    Endress+Hauser engineer

    Most Read

    Sponsored