Vendor Assaults Security Researcher – Security Byte

Vendors and security researchers haven’t always gotten along, but when one physically assaults the other you know things have gone way off course.

A pair of UK-based security researchers found many critical flaws in a vendor’s gambling player reward systems. All signs suggest that these researchers did their best—really going beyond the call of duty—to report these flaws to the vendor, and yet the negligent company not only didn’t fix the issues, they assaulted the researcher and have been denying everything despite proof otherwise. Watch today’s video to hear my rant about all the ways this company went wrong. It’s not my most practical video, but the world and other vendors need to know what not to do!

Episode Runtime: 8:08

Direct YouTube Link: https://www.youtube.com/watch?v=26HmTWV5aDU

EPISODE REFERENCES:

• SecJuice’s original scoop outing the security disclosure drama – SecJuice
• Tweet and video taken after the alleged assualt – Twitter
• Recording of the first half of the FBI call – DayAfterExploit
• Updated article after Atrient’s revoked response – CBR

—Corey Nachreiner, CISSP (@SecAdept)