Exegy Inc trying Extortion against a Security Researcher
As someone that has been in security research for little over two decades for personal growth and knowledge without ever turning in any findings, I am finding it really interesting how companies treat people when they reach out to them about wanting to disclose something or find out if they have a paid bounty program.
I have had the most interesting encounters with two well known companies when trying to disclose things in private. One of them being , a company I worked with for little over nine years. I cannot believe how they would treated me, especially always being an excellent high performing employee with them. I have attached the letter and all correspondence with Exegy and their multiple attorneys.
When I reached out to see if they have created a bounty program, since there was not one in place when I was last working there. Instead of ever talking and acting civilized, they decided it would be best to send their attorney after me. He sent a letter trying to extort me of my findings free of charge and demanded I turn them over in a few hours or else he would file false criminal charges against me with theFBI stating I was trying to extort them.
I still wonder if their attorney “Patrick Sellers” is allowed to practice law out of Missouri, since he never stated if he had any “In-house non-admitted registration”. He did state he was admitted to the bar other states, but would not disclose which state and address he was using for Exegy and the address on the letter was Exegy HQ in Saint Louis, MO.
It interesting how could FOW name “ David Taylor” as CEO of the year, since I would never think a person in a leadership position would ever try to extort someone with manipulative and deceiving tactics. I wonder if the shareholders at Marlin knew this was evening happening or if he was trying cover things up by having a law practice “Cooley LLP” reach out to me & ignore the extortion attempt.
If any company dealing with the financial and stock market are interested in reaching out to me, I am open to talking more and learning about the different security contracts you have with companies and it requirements. It would be interesting to learn more about what kind of things must be disclosed, what kind of testing a company needs to do and it turn around time for resolving issues.
If any attorneys are open to discussing this matter and the laws pertaining for someone interested in disclosing things with a company, I would be open for talking. I would hate for others in the security field to receive the same kind of treatment or lose out on being paid on their finding with such tactics.
The other company is about their spam awareness service, but due to the 3,000 character limit on posts, it soon to come.
