Internet Security Systems

In July 2005, security researcher Michael Lynn made a presentation to the Black Hat
security conference. As a researcher for Internet Security Systems (ISS) he had discovered
what he considered serious vulnerabilities in the underlying operating system IOS on which
Cisco based most of its firewall and router products. ISS had made Cisco aware of the
vulnerabilities a month before the presentation, and the two companies had been planning
a joint presentation there but cancelled it.
Concerned that users were in jeopardy because the vulnerability could be discovered by
attackers, Lynn presented enough details of the vulnerability for users to appreciate its
severity. ISS had tried to block Lynn’s presentation or remove technical details, but he
resigned from ISS rather than be muzzled. Cisco tried to block the presentation, as well,
demanding that 20 pages be torn from the conference proceedings. Various sites posted the
details of the presentation, lawsuits ensued, and the copies were withdrawn in settlement of
the suits. The incident was a public relations nightmare for both Cisco and ISS.
Study the above problem with reference to Michael Lynn’s case.
A number of issues are involved here. How far can or should a company go to limit
vulnerability disclosure? Is it better to document a technique known by manufacturers and
attackers, but not to users, or to leave users with a false sense of security? Where does the
law stand on this case?

“””” ARGUE ” IN ” FAVOR OF MICHAEL LYNN “””
discuses this issue with only these two main points in detail:
1- the presentation was verified by CISCO way before its due date
2- the overreaction of CISCO was for marketing purpose

and for EACH POINT, Connect to ethical definitions/theories ( computer ethics )and American legal system.

TAKE ADVANTAGE OF OUR PROMOTIONAL DISCOUNT DISPLAYED ON THE WEBSITE AND GET A DISCOUNT FOR YOUR PAPER NOW!