FireEye Takes Spat With Security Firm To Court

The German security company ERNW revealed in a blog post that fellow security firm FireEye has attained a court junction that will prevent the company's researchers from disclosing certain information about FireEye. The court junction follows an ongoing spat between the two security watchdogs over the disclosure of information about FireEye's product.

According to an article from Wired, the product at the center of the controversy is FireEye's Malware Protection System or MPS. ERNW has pointed out five vulnerabilities that the product allegedly contains. This happened early this year. As a standard procedure, the German company got in contact with FireEye to discuss the potentially harmful vulnerabilities.

One of the five has been discovered by the German consultancy's researcher, Felix Wilhelm. The flaw in question has been found to possibly be exploited to access the system of devices that have the MPS. FireEye thought the advisory ERNW has intended to release for the MPS had too much information. ERNW has originally planned to release a notification ninety days after the flaw has been exposed.

The contact and reviews between the two companies started in April and over the last few months the relationship between ERNW and FireEye has taken a turn for the worse. Although FireEye has admitted that ERNW may publish information it plans to release regarding FireEye's product, the amount of information is the issue for the security company. FireEye claims that what has been disclosed by ERNW can put its product and customers to some risks.

ERNW founder Enno Rey took to a blog post to express his disappointment regarding FireEye taking legal measures against his company. "I'd like to make clear that we met reasonable and, so we think, honest people from FireEye in the course of the procedure (you know who you are). But I can't hide that we are very disappointed from the course of action some people within the organization considered the right way of dealing with the situation." Rey stated.

He also said that he thought it was not an appropriate action on the other party's end to "sue researchers responsibly reporting vulnerabilities." In the matter of disclosing such information, how can one party say that too much has been said? At the moment, FireEye has already issued a patch for the vulnerability in question. However, it missed a timeline that is customary for security firms to release, to inform customers regarding when patches are issued.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

Tags Security

More from iTechPost

Real Time Analytics