FireEye Inc (NASDAQ:FEYE) has recently dodged a bullet, after a researcher from ERNW GmBH detected flaws in the company’s security suite. In turn, FireEye decided to place an injunction against the researcher, preventing him from fully disclosing the details. The company stated that this was done in order to prevent its trade secrets. Consequently, FEYE has been drawing a lot of criticism from the security community, who were expecting a full disclosure of the vulnerabilities at the 44Con event in London.
Recent reports suggest that the flaw lied in the Apache servers of the company, which could be accessed by default use of the root account to access client data. A compromise on this level could have led to control without permission and data theft on a very large scale. Although the flaws have been fixed by the company, the researcher was still awarded an injunction from a German court. As a result, the company is trying to explain its position and exercise damage control. In a more recent statement from FEYE, the company stated that their team is comprised of security researchers as well and any comments on FireEye products are most welcome.
Furthermore, the company also explained that it had, at first, tried to prepare a joint disclosure report with ERNW, but due to differences in opinion the injunction was used as a last resort. As per the details, FEYE had requested the removal of several trade secrets from ERNW’s report, to which the latter would not agree to. The organizers of 44Con have labeled FEYE’s move as being against the freedom of speech. One of the organizers even stated that this is not just the restriction of free speech, but the company is also taking away the right of its customers to be warned about security vulnerabilities of the products they use.
FireEye Inc (NASDAQ:FEYE) closed at a share price of $33.59, after recording a decline of 4.87% during the September 23 session.
