|Badlock, or Bad Form?
By: Mike Bush
For about a month, an Internet security company hyped a vulnerability that they’d discovered. They created a logo and a website and even did a countdown. The PR folks behind the initiative? They did a good job getting coverage for their client. But when you stop and think this one through, there are a few questions that should come to mind.
First off, is it OK to hype a vulnerability? For background (and in case you’re not in the space), IT professionals and companies like SerNet, which discovered the flaw, regularly identify security issues in other vendors' software. It’s part of their job description, and their work is critical in keeping companies running.
The usual agreement (agreement may be too strong a word…it seems to be an unwritten rule) is that they identify a flaw and then reach out to the vendor with the flaw to let them know about what they’ve found. It gives the vendor a chance to fix the flaw before other hackers get to read about it and then try it out on their own. Generally speaking, if a company learns of a vulnerability and does nothing about it, that's when it is OK to go to the press.
But the approach by SerNet was FAR different. They essentially created web content akin to “Hey, look at that, Microsoft engineers forgot to lock the back door.” Should this be OK?
Secondly, it turns out that quite a few folks in the security industry didn’t see this bug as such a big deal. Wired did a terrific job covering the entire thing, identifying experts who were referring to the vulnerability as “Sadlock.”
Lots of flacks in technology have, at various times, taken on clients that were marketing or selling vaporware. It happens, with startups and enterprises alike. In the case of SerNet, it isn’t quite vaporware, but it doesn’t seem like the industry found this to be the end of the world. As such, will security companies that make an interesting discovery feel compelled to market it before it’s announced? And will the standard for promotion be “more compelling than Badlock?”
This discussion is taking place in InfoSecurity companies around the globe.
So, what say you, readers of Flack Me? Is this a blip on the radar? The start of a new trend? Kosher or not?
Mike Bush is a PR and Marketing freelancer with more than a dozen years of experience in the field. Find him on and connect Twitter @mikebush or at www.mikebush.nyc.
Sales Development Manager
Virginia Economic Development Partnership
Marketing Project Manager
Bonita Springs, Florida
San Francisco, California
Copywriter, Marketing, Insights and Commun...
University of St. Thomas
Saint Paul, Minnesota
Engel & Volkers Banner
Sugar Mtn, North Carolina
Restaurant & Retail Marketing Manager
Marketing & Communications Director
Museum of Contemporary Art Cleveland
Cleveland Hts, Ohio
Paid Search Analyst
Cox Media Group
Public Relations Manager
DAKCS Software Systems
West Haven, Utah
Creative Services Manager
MSC Industrial Supply
Melville, New York
New Media Jobs