Evgeny Legerov, a 30-year-old IT security researcher and founder of Intevydis,
a Moscow-based IT security consultancy, has caused a quiet storm in security
research circles after saying he plans to release zero-day flaws in a range of
popular applications without having notified the vendors concerned.

In an interview with US security journalist Brian Krebs, Legerov said he
plans to release flaws in a variety of packages that are likely to include Zeus
and Sun’s web server software, IBM DB2, Lotus Domino and Informix’ directory
server applications, including Novell, Sun and Tivoli directory.

In his interview with Krebs, Legerov said that, after working with vendors
long enough, "we’ve come to (the) conclusion that, to put it simply, it is a
waste of time".