Experts say the legal manoeuvering would hurt users and vendors by thwarting dissemination of critical security information or by forcing researchers to publish advisories and code anonymously to avoid prosecution.

The move by Sybase came last week as Next Generation Security Software was preparing to publish the technical details of vulnerabilities in Sybase`s Adaptive Server Enterprise product. Although NGS notified Sybase of the issues and the vendor released patches for the flaws three months ago, Sybase officials sent a letter notifying NGS that it would be in violation of Sybase`s end-user license agreement (EULA) if it published further information about the vulnerabilities.