With some distance from the events casting shadows over my suspension from work at LS, I want you to have a look at the following link at rootkit.com from which the quotation in the title was taken.
If any of my readers are passionate reverse engineers and want to comment on the allegations in the above-linked article, please do so. Obviously it is currently impossible for me to comment on anything without coming under suspicion of disclosing company secrets. In September, once I am definitely out of the employment contract, I will post some details myself. Although one might still argue that this is still disclosure of sensitive information, I can only say that this is not the case. There is one fact that I simply cannot disclose and that I would only disclose if I get attacked by Lavasoft for any reason – so only in case of self-defense. For any other reason I refuse to disclose this fact and – obviously – risk my credibility by doing that. So whatever you think, I can only ask you to believe me when I say that the information may be sensitive for Lavasoft, but is first of all important for the users of Lavasoft’s products and can be drawn from the information that is already publicly available.
In this topic on the Lavasoft support forum they talk about the responsibility of those reporting vulnerabilities. No one, however, talks about the vendor’s responsibility to fix problems, both in a timely manner and appropriately.
BTW: The job done by this person “roy_batty” is not as impressive as it may seem at first sight. I was personally surprised that no one had done this before, since AAW SE was released in spring 2004 … but well, he got his recognition 😉
// Oliver