Sybase ends action against security researcher

Sybase has dropped plans to take legal action against a security company that found security vulnerabilities in its enterprise database product.

UK-based Next Generation Security Software discovered the holes in Sybase’s Adaptive Server Enterprise database, but was then threatened by Sybase with legal action after it planned to publicise them.

Sybase feared the NGS advisory on the holes would open up its database customers to attack as a result of details being made available.

The two sides have however now ended their feud and have agreed on an advisory that satisfies both sides. Sybase has also issued patches to plug the holes.