Security Workers Fired After Defcon Talk
Two Salesforce security team members were let go following their presentation of a new testing platform.
An article review.
Before you join that panel discussion of disgruntled bankers, consider this story that comes to us by way of Joe Cychosz: a pair of Salesforce security team members were let go shortly after their presentation at the Defcon security conference.
The presentation in question concerned a new exploit framework the presenters had designed for penetration testing, and reportedly had the blessing of Salesforce management until shortly before the talk was scheduled. A text message was allegedly sent to the duo warning them not to participate, but the former employees say it was not received until after the presentation.
While the exact reasoning behind management's change of heart wasn't known at the time the article was written, it appears to be related to the public release of the application's code and may have been driven by liability concerns. This incident highlights one of the bigger issues in the security research field, namely the responsible disclosure of exploit information and testing tools. While the security community often attempts to practice complete openness, this can be at odds with the companies funding their work, and the correct balance between the two remains hotly contested.
Original article by Zack Whittaker writing for ZDNet.