PwC sends ‘cease and desist’ letters to researchers who found critical flaw

Zack Whittaker reports:

A security research firm has released details of a “critical” flaw in a security tool, despite being threatened with legal threats.

Munich-based ESNC published a security advisory last week detailing how a remotely exploitable bug in a security tool, developed by auditing and tax giant PwC, could allow an attacker to gain unauthorized access to an affected SAP system.

[…]

The corporate giant argued that ESNC shouldn’t have had access to the software in the first place, as it wasn’t a licensed partner.

“ESNC did not receive authorized access or a license to use this software. The software is not publicly available and was only properly accessed by those with licenses, such as PwC clients working with trained PwC staff,” said the spokesperson.

Read more on ZDNet.

This is yet another reminder of why the federal statute, CFAA, needs to be updated and to include protection for researchers.

About the author: Dissent
