Autonomy threatens legal action over vulnerability alert

Unhappy with Secunia's plans to call attention to an already-patched vulnerability in its KeyView product, enterprise search vendor Autonomy is threatening to wield the legal hammer.

According to back-and-forth correspondence released by Secunia, the San Francisco-based Autonomy is threatening legal action to force the flaw alert aggregator to "suppress significant information about vulnerabilities in [its] products."

Secunia CTO Thomas Kristensen offers the background:

Autonomy wants Secunia to withhold information about the fact that vulnerability SA27835 in Keyview Lotus 1-2-3 File Viewer, which has been fixed by IBM, obviously also affects Autonomy's own versions 9.2 and 10.3 of KeyView.

According to Autonomy, publishing an advisory would be misleading and cause confusion because the issues already have been fixed; in fact, they believe that this would cause the public to believe that there are more issues in their product than is the case!

Kristensen released the full text of six letters between Secunia and Autonomy's attorney to spell out the claims and counterclaims.