SentinelOne makes YouTube delete Bsides vid 'cuz it didn't like the way bugs were reported
Research silenced amid copyright, trademark claim
Updated If you were at BSides Manchester in England this week, you hopefully caught James Williams' presentation on the shortcomings of some commercial antivirus tools.
If not, and you hoped to watch it on YouTube, you may be out of luck for a while.
That's because one of the vendors mentioned – SentinelOne – is rather upset with the talk, funnily enough titled "Next-gen AV vs my shitty code." To stop people seeing it, the Silicon Valley biz filed a copyright-infringement complaint to make YouTube remove a recording of the presentation from the BSides Manchester channel.
The effort to strip the presentation from the official channel, and out of sight of the internet, worked: at time of writing, the video of Williams' talk has been removed.
Not surprisingly, the takedown complaint is not being met with much sympathy from the security research community, which sees it more as an attempt by an embarrassed vendor to cover up bugs and stamp out unflattering attention.
Williams told El Reg he has yet to hear the reasoning on why the video has been taken down, while BSides Manchester organizers said they are still reviewing the video and claim to work out what got SentinelOne so upset.
For one thing, his presentation did not include any source code nor any other sensitive intellectual property owned by SentinelOne, from what we can tell.
The Register pinged SentinelOne for comment, which in turn revealed it was a tad unhappy with the presentation, something something something, copyright and trademark claim. A spokesperson told us:
We strongly support the work of BSides and participated in the conference earlier this year by sending our own researchers. We're always open to feedback, but we expect that feedback to come through the use of a supported version of our product and this video showed our 1.8.4 version which reached its end of life earlier this year (our notification from March can be found here).
In addition, as we are protecting critical global enterprises, if a party believes there's a bug in our product, we expect them to follow the common disclosure practices in place that protect the entire community.
From a legal perspective, the video breached our terms of service, copyright laws, and trademark laws. It was removed lawfully after being reviewed by YouTube. With that said, we've invited the author to collaborate with us on a supported version and look forward to that opportunity.
El Reg has asked for clarification on what exactly the infringing content was – because a breach of the antivirus maker's terms-of-service is not a valid reason to take down a video – and has yet to hear back at the time of publication. We also asked Williams to comment on SentinelOne's allegations about bug disclosure methods.
And if you want to see what all the fuss is over, Williams gave a very similar talk last month at SteelCon, a hacker gathering in the north of England, which happens to be online here...
...and you can find the slides and more resources on GitHub over here. ®
Updated to add
The video was restored to YouTube by 10am PT on Saturday.
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero trust