RE: Cisco cover up

Olsen_Jason · July 27, 2005, 9:14pm

This had _nothing_ to do with the source code that was
stolen. I have dealt with Lynn professionally on many
occasions and he has shown himself to have more than a fair
share of integrity. It is uncalled for to take to disparate
events and place them together in a way which smudges the
name of a respected researcher.

I don't see any smearing of anybody's name. What I do see is
speculation, which is to say, "reasoning based on inconclusive evidence;
conjecture or supposition." In otherwords, J offered a "guess" that the
two might be related and certainly wasn't pointing fingers as if that
was the definitive reason.

It sometimes happens that seemingly disparate events are actually
linked, so it was not an entirely illogical guess.

-JFO

Jason "Feren" Olsen DeVry, Inc.
Senior Network Engineer One Tower Lane
Em: jolsen@devry.com Oakbrook Terrace, IL 60181-4624
Ph: 630.645.1607 INOC-DBA: 19258*526 Fx: 630.382.2929

Joseph_S_D_Yao · July 28, 2005, 5:50pm

Given that it was clear that Lynn had NDA access to the Cisco source
code already, it seems pretty clear that the original poster wasn't even
speculating that he had stolen it, but to potential exploiters' having
done so. Eh?

James_Baldwin · July 28, 2005, 6:04pm

Lynn did not have NDA access to the Cisco source.

Joseph_S_D_Yao · July 28, 2005, 6:10pm

My apologies, I read something into what had been posted. But I still
don't see that anyone ever remotely suggested that Lynn had anything to
do with earlier thefts.

Florian_Weimer · July 28, 2005, 6:16pm

* James Baldwin:

Given that it was clear that Lynn had NDA access to the Cisco
source code already, it seems pretty clear that the original poster
wasn't even speculating that he had stolen it, but to potential
exploiters' having done so. Eh?

Lynn did not have NDA access to the Cisco source.

But this bug was probably coordinated via IT-ISAC, and ISS, as its
host organization, had access to some information provided by Cisco
under NDA. ISS might have some kind of Chinese Wall, but depending on
their contracts, this may or may not affected what they can disclose
at what time.

All in all, this doesn't look like the typical "vendor tries to
squelch independent research" incident. I also wonder what the impact
on the IT-ISAC information sharing club will be, and on the future of
ISS as a company.