We have great admiration and respect for the InfoSec community, the press that covers this industry, and of course place the protection and security of our customers’ information as the top priority. We want to offer clarity regarding our recent lawsuit directed to the contents of the Ars Technica article, which has undergone revisions since its original publication as several defamatory statements were made about Keeper. It is important to understand that our suit is separate from the issue identified by Tavis Ormandy, a highly-respected security researcher at Google.
We want you to know the following facts:
1. We immediately vetted and discussed with Tavis Ormandy the potential vulnerability published in
Tavis’ bug report.
2. After confirming the potential vulnerability with him, we patched it within 24 hours.
3. We acknowledged we had a bug or potential vulnerability in our Keeper Browser Extension, which is a separate application from our Keeper Desktop application.
5. There has been no reported or actual security breach or loss of customer information in connection with this bug.
6. We did not try to conceal the bug in any way.
7. As alleged in our lawsuit, the author of the Ars Technica article did not speak with us and did not
verify his facts with us before publishing the article. When the article was published, we immediately contacted the author.
We strongly believe in accurate vulnerability reporting and value the role that these professionals play in this process. We’ll continue to work with researchers on an ongoing basis to ensure that our product is the most secure and trusted solution in the industry.
CEO & Co-founder
Keeper Security, Inc.