[ISN] Hacker hire costs SecurePoint an ally

From: InfoSec News (isn@private)
Date: Wed Nov 17 2004 - 00:46:04 PST


http://news.com.com/Hacker+hire+costs+SecurePoint+an+ally/2100-7349_3-5453166.html

By Dan Ilett 
Special to CNET News.com
November 15, 2004

A German antivirus-software company has broken off its partnership
with firewall firm SecurePoint because of SecurePoint's decision to
hire Sven Jaschan, the alleged creator of the Sasser virus.

H+BEDV Datentechnik confirmed on Monday that it has halted cooperation
with SecurePoint because of the security implications of the hire.

"Whatever SecurePoint does is its own decision, but I do not wish to
see any stage of our product development closely linked to an alleged
virus author," said Tjark Auerbach, chief executive of H+BEDV. "We
take a dim view of employing virus authors. The attempt to offer a
second chance to an allegedly reformed virus author must be balanced
against the exclusive security interests of our customers."

Auerbach said his company had hoped to put its antivirus software in
SecurePoint's firewall, but "I was getting cold feet. If a former
virus writer is working on the program where a component is ours, what
would the customer think? If this engine misses a virus and a former
virus writer is working for that company, that smells a little bit
stinky."

Jaschan, who at one point was said to have been responsible for 70
percent of the world's viruses, was hired by SecurePoint earlier this
year. The company's offer came shortly after Jaschan was released on
bail after he admitted writing the virus. Jaschan has not yet been
sentenced.

Auerbach said he made the decision to break ties with SecurePoint two
minutes after he heard that Jaschen would be working there.

"I cannot support the decision," Auerbach said. "It casts a shadow of
doubt over the IT security industry, which has the top priority of the
minimization of security risks. This, and not least the security
interest of our customers, motivates us in halting cooperation with
SecurePoint."

SecurePoint had not responded to requests for comment at the time of
writing.

Dan Ilett of ZDNet UK reported from London.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Wed Nov 17 2004 - 02:10:38 PST