http://www.csoonline.com/article/2981474/vulnerabilities/researcher-to-fireeye-if-youre-not-paying-im-not-talking.html
By Steve Ragan
Salted Hash
CSO Online
Sep 8, 2015
On Sunday, Kristian Erik Hermansen disclosed an unauthorized file
disclosure vulnerability in FireEye's core product. The zero-day
disclosure quickly generated public attention, as did the discussion
around three other vulnerabilities that haven't been published and the
$10,000 USD price tag on the flaws.
But the disclosed vulnerability and the three other unpublished flaws are
not the only thing FireEye has to be concerned about, there's plenty more
where that came from.
Hermansen, along with researcher Ron Perris, has claimed the discovery of
at least thirty additional flaws in FireEye's products. Many of them are
in the HX line, but plenty of others exist in various products too,
Hermansen added.
As word of Hermansen's disclosure spread online, the opinions of those
discussing the issue were split.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
