Magix AG to Sue a Security Researcher

German software company Magix AG threatened a security researcher with name “Acidgen” after he reported a stack buffer overflow vulnerability in the company's Music Maker 16. Acidgen alerted Magix representatives to the bug in several emails that also included proof-of-concept code that forced the Windows calculator to open and provided suggestions for fixing the bug.

After Acidgen informed the company that he planned to disclose vulnerability details when the patch was released he was warned by company`s attorney: "MAGIX does not appreciate that you are intending to publicly release the Exploit and to cause irreparable harm … As you maybe [sic] aware it is illegal to release software which is intended to commit computer sabotage (e.g. Sec. 202C I No. 2 German Criminal Law). In addition this announcement together with your offering to have the vulnerability fixed by your company may be considered as an attempted extortion".

These actions might trigger unhealthy reactions and many researches will not be sending information to vendors instead releasing it to the public.