Security researcher Guillaume Tena is being threatened with jail time and fines in a Paris court as a result of publishing information about vulnerabilities in an antivirus application.
In 2001, Tena, who is also a researcher in molecular biology at Harvard University, found a number of flaws in the Viguard antivirus software published by French firm Tegam International.
He published his research online in March 2002, including a long analysis of how the program worked, tests with real-world viruses, and security flaws that went against the company's claims that Viguard stopped 100 percent of viruses.
The War Begins
Tegam responded by first calling Tena a "terrorist," according to a description of the case that Tena has posted to his Web site.
Tena used to be a virus writer and wrote the first e-mail virus ever, Happy99, according to Mikko Hypponen at F-Secure. "He appears to be a good citizen now," Hypponen told NewsFactor, "but there might be some animosity still felt against him at antivirus companies."
Tegam eventually filed a formal complaint against the French-born researcher in a Paris tribunal. Since Tena's Web site is hosted in France, authorities seized his computer and redirected site traffic.
Tena has said the case is like Ford suing someone for finding a defect in a car's brake system. "If independent researchers cannot analyze security software and publish their discoveries, users will just have marketing press releases to assess the quality of software," he writes.
Tegam has defended its actions and is calling the validity of Tena's research into question. The trial began on January 4th, with a final ruling due on March 8th.
Potential Ramifications
Although the outcome of Tena's case likely will affect security research in France most directly, it could have ramifications for security reporting in other countries as well.
If the court rules that Tena violated copyright laws, companies in other countries might pursue similar litigation to keep their software flaws from being made public.
"As a matter of public policy, this kind of research ought to be protected," Ben Edelman, also a Harvard security researcher, told NewsFactor.
Truth or Consequences
The Tena vs. Tegam case highlights the ongoing tension between security researchers and hobbyists who disclose vulnerabilities and companies that publish software.
Microsoft often is critical of individuals who publish exploits, claiming the company is not given sufficient opportunity to correct problems before they are made public.
Researchers, on the other hand, feel they are providing a valuable service and making the Internet a safer place to work and play.
"Finding flaws in security software is absolutely essential, in order to help improve the security of the software we all rely on," Edelman said.
"Pointing out a company's false claims is important to help consumers distinguish high-quality software from software that's poorly designed," he added.