Alright, let's be 100% honest. Cisco WAS telling not to release info because
they were scared that their marketshare would suffer...They are acting like
Microsoft...what a shame I used to really like Cisco....

Walter Roberson wrote:

> In article <bnrGe.54191$mC.13260@tornado.tampabay.rr.com>,
> Imhotep <Imhotep@nospam.com> wrote:
> :Todd H. wrote:
>
> :>> http://www.securityfocus.com/n
>
> :...the kicker is they are saying that software flaws fall under IP. That
> :is crewed up as software flaws are unintentional....
>
> No, Cisco is saying that information about the internal layout of
> IOS is Trade Secret. The researcher's talk would have had to
> describe essential features about the internal layout of IOS
> in order to indicate how, given -any- buffer overflow, one could
> consistantly take meaningful control of the device.
>
> The internal layout of an operating system is valid IP.
>
> Cisco wasn't objecting to the researcher publicising that
> a single buffer overflow attack had been found: Cisco was objecting
> that the researcher (who had access to NDA information) broke
> NDA in revealing the internal organization of IOS to show how
> classes of attacks would work against IOS.