Responsibly disclosed a firmware vulnerability. Company responded by sending a Cease and Desist and Notice of Intellectual Property Infringement. At this point, do security researchers just lawyer up?

This topic contains 0 replies, has 1 voice, and was last updated by  BrianMiz 3 weeks, 1 day ago.

Post #125627 by BrianMiz (Member)

This company didn't have a bug bounty program, so I got into contact with someone at Customer Support who forwarded my report to one of their engineers. That was four months ago. Today I received a letter telling me that I have 7 days to write back and confirm that I will refrain from releasing the details, will destroy all copies of the firmware, and agree to never touch their IP again.

I haven't released any information to the public yet. I was hoping that the company would do the right thing and patch their systems. But of course, I get served with a letter threatening legal action. So how do I carefully and legally approach this?
