Previous Politech message: "HP recants: 'We promise not to use DMCA against researchers!'" http://www.politechbot.com/p-03837.html --- Subject: Formal Response From: ATD <simonat_private> To: Declan McCullagh <declanat_private> Date: 02 Aug 2002 00:40:09 -0400 Declan, Here you go. Thanks again for all of your help. Sincerely, Adriel T Desautels Founder, Secure Network Operations, Inc. 978-897-0974 --- Formal Response to HP DMCA retraction: 8/1/02: Secure Network Operations appreciates HP's retraction of their DMCA threats. We are dedicated to performing security research on a wide range of operating systems, following either an independent research/full disclosure model or a contract- based/NDA model. We hope to build productive relationships with many vendors in the future. Formal Response to HP DMCA threat: 7/31/02: Secure Network Operations, also known as SNOsoft, has been researching security vulnerabilities on Hewlett Packard's Tru64 UNIX operating system for over four months, and has found numerous vulnerabilities in the software. Due to the sensitive nature of these discoveries and the known critical uses of Tru64 in healthcare, military, and other arenas, SNOsoft attempted on multiple occasions to build a working relationship with HP so the information could be transferred privately. However, our well-intentioned efforts were misperceived by HP, as they responded to SNOsoft with a letter in which they accused us of attempted extortion. Hewlett Packard then requested that we follow current industry standard practices for releasing vulnerability information through a trusted third party, in this case CERT, and to wait forty-five days before releasing any proof-of-concept exploit code. There was an unauthorized release by Phased, prior to the end of the waiting period, and HP promptly responded with another letter. This time they cited possible violation of the DMCA law, amongst others, and requested that the exploit code, be quickly removed from SecurityFocus's website. SNOsoft willingly complied, and the posting was removed. That letter found its way into the hands of Declan McCullagh, a journalist for news.com with an interest in the DMCA law, who interviewed the founders of SNOsoft regarding HP's reference to the DMCA law. SNOsoft's position in these matters is to continue serving the community by finding and reporting security vulnerabilities in a broad spectrum of operating systems, software applications, and other hardware and software systems. Our mission is to provide certification for vendors and network administrators that indicate their systems have passed the most rigorous security testing available. Sincerely, Secure Network Operations, Inc. ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ ------------------------------------------------------------------------- Like Politech? Make a donation here: http://www.politechbot.com/donate/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Aug 01 2002 - 23:12:16 PDT