Black Hat dispute stirs RFID security awareness

28.02.2007

Mike Davis, director of intellectual property at HID, defended that position and the company's efforts to suppress the presentation of schematics and source code concerning its RFID proximity cards. In sometimes testy exchanges with Paget and Dan Kaminsky of IOActive and in comments to InfoWorld after the panel, Davis said that his company was "ambushed" by IOActive and never threatened to sue Paget or IOActive.

"We never intended to sue IOActive," Davis said, noting that the company became aware of the issue only on the 14th, after Paget contacted it by e-mail, and then took a week to formulate a response.

Differences between the free-wheeling IT security community and a more closed physical security industry may be partially to blame, according to Joe Grand, a security researcher at Grand Idea Studio.

"Hardware companies are generally not involved in the security process, so they don't know anything about disclosure. So their response is, 'Let's throw down the hammer,'" he said.

While the specifics of the dispute between HID and IOActive are shrouded by legal maneuvers, there was general agreement that insecure RFID deployments are a big problem that needs to be addressed soon.