Related link: http://www.computerworld.com/printthis/2005/0,4814,100637,00.html

Well, the other commentator described it as “dumb” and yet more people called it “abhorrent” and “equivalent to suing a whistle-blower”, but one database company actually threatened a vulnerability research firm after the firm shared the flaw information with the software vendor (!); the firm also had a policy of publishing flaws. It does look pretty dumb, but is the software vendor considering all the risks of such “strong-arming”? I see such behavior as incredibly risky, since I suspect future researchers will not come to the vendor with their findings; they will just leak them and let the database customers be “owned” without a chance of protection…