Rouland [ISS, Inc.] said he didn't notify the developers of Apache because they aren't a formal company. Apache is open-source, meaning that the software and its blueprints are free and managed by programmers who coordinate its evolution. Complicating the matter, Rouland said he didn't trust Cox [Red Hat], who along with his Apache duties is the senior director of engineering at Red Hat Software, which distributes the Linux operating system. Rouland accused Red Hat of taking credit for earlier ISS research.. . .
Rouland [ISS, Inc.] said he didn't notify the developers of Apache because they aren't a formal company. Apache is open-source, meaning that the software and its blueprints are free and managed by programmers who coordinate its evolution. Complicating the matter, Rouland said he didn't trust Cox [Red Hat], who along with his Apache duties is the senior director of engineering at Red Hat Software, which distributes the Linux operating system. Rouland accused Red Hat of taking credit for earlier ISS research. Cox said he already knew about the hole from a different researcher, and that the ISS fix doesn't repair the entire problem.

"If ISS had told us before going public, we could have told them their patch was insufficient," Cox said. "The fact that they didn't has caused some problems."

The link for this article located at Washington Post is no longer available.