A long-simmering dispute between the CERT Coordination Center and vulnerability research companies flared into public view Jan. 27, when Next Generation Security Software Ltd. (NGSS) announced that it’s severing its relationship with CERT, saying that the government-sponsored Internet security reporting center had passed vulnerability information to third parties. The dispute between NGSS and CERT arose over a batch of six software vulnerabilities that NGSS shared with CERT at the same time it disclosed them to the affected software vendor, according to Mark Litchfield, cofounder of Sutton, England-based NGSS. Before a patch was issued or the public notified about the vulnerability, the affected software vendor was approached by two government agencies concerning the undisclosed vulnerability. Those agencies said CERT had informed them about the flaw, according to Litchfield. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.