News 

Until Tuesday, researcher Michael Lynn was due to give such a presentation at the Black Hat security conference in Las Vegas when his employers, ISS, pulled the demo - entitled 'The Holy Grail: Cisco IOS Shellcode and Remote Execution' - at the 11th hour.

Insistent that the information be made public, Lynn quit his job and gave the presentation

ADVERTISEMENT

anyway at the conference yesterday, with the result that he was on the wrong end of a suit seeking to stop him saying anything else on 'proprietary information belonging to Cisco and ISS'.

A patch for the flaw in Cisco's Internetwork Operating System (IOS) has been available for some time and a variety of sources told the news service Cnet that it was Cisco rather than ISS who insisted the presentation be withdrawn.

However, Cisco, for its part, insisted that 'both Cisco and ISS felt that it would not be in the best interest of customers and partners to disclose the findings until the broader scope and impact is understood. Upon completion of a full characterization of this issue, the findings and results will be responsibly disclosed in a manner consistent with each organizations processes.'

Cisco told us it follows an 'industry established disclosure process' in making public details of security vulnerabilities.