"When we believe users are going to be misled, presumably for reasons of self promotion, we make every effort to nicely ask that the organization publish full and accurate information. When the issue continues unresolved, we regret we have to ask more forcefully. All Secunia needs to do is publish the facts in full without leaving out important facts and Autonomy, Secunia and our users will be well served."

O'Really?

Well, here's the facts as I understand them:

1. Secunia discovered a security vulnerability in Autonomy.

2. Secunia learned that at least one customer of Autonomy may not have patched their Autonomy-based code to close the security hole.

3. Secunia attempted to engage Autonomy to determine if the hole was, indeed, fixed and if third-party customers such as IBM had or would soon release the patch(es).

4. Secunia published the "results so far" with, as always, an eye to preventing data breaches (anyone remember TJX?).

5. Autonomy ignored the attempt to engage and immediately fell into

"disaster spin control" mode.

6. Autonomy also threatened litigation if Secunia performed it's ethical duty to inform consumers of a possible security problem; this some 3 days *after* the information had been published.

So, short version: Autonomy would strongly prefer that consumers who rely on their security product(s) suffer data breaches in ignorance, rather than ensure that all products built with their SDK are properly patched and secured.

Can anyone guess why I think lawyers are (as a rule) lower on the evolutionary and ethical scales than the Ebola virus?

While I see the western democracies diluting themselves to oblivion by means of corruption. Thirty years ago, companies needed the government to protect them from the commies, and that brought things like social justice, education for all, socialized medicine, ... . Nowadays, big companies are continuously eroding people's rights by using legal systems, politics and money as their tools.

Back then there was an enemy outside. Now the enemies are here, inside our countries and above us.

Rejoice!

:-P

"When we believe users are going to be misled, presumably for reasons of self promotion, we make every effort to nicely ask that the organization publish full and accurate information."

There are several interesting ways to interpret that clause "presumably for reasons of self promotion" and most interestingly, it cannot be interpreted as implying that Autonomy believes Secunia is presumably doing thing for reasons of self promotion, because there is no reference to Secunia that can grammatically be linked to the "presumably" clause. Indeed, the most direct interpretation is that Autonomy somehow believes that users are being misled to promote themselves...

But more interesting is that this entire statement is not relevant to this case, but is a general statement of Autonomy procedure (i.e, when x happens, we do y). It's a great way of trying to make people think, e.g, that they've nicely asked Secunia to publish full and accurate information even though the statement says nothing of the sort.

"When the issue continues unresolved, we regret we have to ask more forcefully."

Again, this is a general statement of procedure which is not linked to this issue in any way.

"All Secunia needs to do is publish the facts in full without leaving out important facts and Autonomy, Secunia and our users will be well served."

This is the best one of all. "All Secunia needs to do..." is not the same as "Secunia has not done..." but a lot of people make that assumption. Really, this is a statement of an ideal situation, with no judgement as to whether that ideal has been reached. Since Autonomy has equal ability to publish facts, it is logical to assume that if the ideal had not been reached, Autonomy would publish any missing facts. Since they have remained very tight-lipped about the vulnerabilities, it is logical to assume that Secunia has published the important facts. QED.

[posted AC in case their lawyers want to go after me, now ...]

From the names mentioned in the article, does this mean that MS software isn't actually less secure than others', it's just that they're the only ones who admit to their issues, welcome constructive criticism, have a mechanism for taking such on board and releasing fixes in an open and informative manner and *don't* sue the shit out of you if you discuss their vulnerabilities publicly?

(Never thought I'd have a use for *that* icon.....)

After all, he claims that "All Secunia needs to do is publish the facts in full without leaving out important facts and Autonomy, Secunia and our users will be well served".

Hey foo', guess what, that's exactly what Secunia tried to do! And instead of providing information, Autonomy start this whole palaver about how they'll sue Secunia to high heaven if they dare to publish anything that could be confusing.

Secunia does not publish things that are confusing. Secunia publishes facts. Stark. Naked. Facts.

Egg. Face. Jeez.