TalentZoo.com |  Beyond Madison Avenue |  Digital Pivot |  Beneath the Brand Archives  |  Categories
Badlock, or Bad Form?
By: Mike Bush
Bookmark and Share Subscribe to the Flack Me RSS Feed Share
For about a month, an Internet security company hyped a vulnerability that they’d discovered. They created a logo and a website and even did a countdown. The PR folks behind the initiative? They did a good job getting coverage for their client. But when you stop and think this one through, there are a few questions that should come to mind.

First off, is it OK to hype a vulnerability? For background (and in case you’re not in the space), IT professionals and companies like SerNet, which discovered the flaw, regularly identify security issues in other vendors' software. It’s part of their job description, and their work is critical in keeping companies running.

The usual agreement (agreement may be too strong a word…it seems to be an unwritten rule) is that they identify a flaw and then reach out to the vendor with the flaw to let them know about what they’ve found. It gives the vendor a chance to fix the flaw before other hackers get to read about it and then try it out on their own. Generally speaking, if a company learns of a vulnerability and does nothing about it, that's when it is OK to go to the press. 

But the approach by SerNet was FAR different. They essentially created web content akin to “Hey, look at that, Microsoft engineers forgot to lock the back door.” Should this be OK?

Secondly, it turns out that quite a few folks in the security industry didn’t see this bug as such a big deal. Wired did a terrific job covering the entire thing, identifying experts who were referring to the vulnerability as “Sadlock.”

Lots of flacks in technology have, at various times, taken on clients that were marketing or selling vaporware. It happens, with startups and enterprises alike. In the case of SerNet, it isn’t quite vaporware, but it doesn’t seem like the industry found this to be the end of the world. As such, will security companies that make an interesting discovery feel compelled to market it before it’s announced?  And will the standard for promotion be “more compelling than Badlock?”

This discussion is taking place in InfoSecurity companies around the globe.

So, what say you, readers of Flack Me? Is this a blip on the radar? The start of a new trend? Kosher or not?


Bookmark and Share Subscribe to the Flack Me RSS Feed Share
blog comments powered by Disqus
About the Author
Mike Bush is a PR and Marketing freelancer with more than a dozen years of experience in the field. Find him on and connect Twitter @mikebush or at www.mikebush.nyc. 
Flack Me on

Advertise on Flack Me
Return to Top