
Sungard is another offender in this sphere. Huge company, crappy software (the Sony Root-kit) and incompetent, litigious management.

When I was an undergrad I found a CSRF vulnerability in their product Banner. I tried contacting SungardHE on my own, but couldn't contact a human being, so I brought it to the attention of the IT dept at my university. They asked me to prepare a demo against their dev server. After seeing the demo, IT brought this to the attention of Sungard.

A day or two later, someone at Sungard called the school's general counsel and demanded that they bring charges against me for some ambiguously defined computer crime. A professor I was working for went to bat for me and smoothed things over.

We reached an agreement where I wouldn't disclose until they had distributed a patch and they would acknowledge me for the fix. They reneged on their end of the deal, so I released to Bugtraq.

I'm all for someone eating their lunch.


