The trial of Guillaume Tena in France is highlighting the question of whether it is a good thing to publicly announce security flaws. Tena posted proof-of-concept code that revealed vulnerabilities in Viguard, an anti-virus product known only in France, to a French newsgroup in 2001. He later published his research on a website. Tegam, the company that produces Viguard, reacted by initiating a prosecution under French copyright law.
Tegam claimed that Viguard would stop "100 per cent of known and unknown viruses". However, any student of computer viruses knows that perfect anti-virus software is a mathematical impossibility. Perhaps Tegam should be prosecuted under consumer protection or false advertising laws?
Tena actually used to be a virus writer and wrote the first e-mail virus ever, Happy99, according to Mikko Hyppönen at F-Secure. "He appears to be a good citizen now, but there might be some animosity still felt against him at anti-virus companies."
Tena said the case could have a big impact on the French computer security community. "This case is not about violating intellectual property, it's about Tegam trying to shut me up. If security research is stifled, companies could produce a flawed product and no-one would know any better."