The suit was filed in the US District Court for the Northern District of Illinois Eastern Division.
The company took exception to an article written by Goodin on 16 December which described a critical bug in the Keeper Password Manager bundled with Windows 10; the flaw was discovered by Google Project Zero researcher Tavis Ormandy.
The article, headlined "For 8 days Windows bundled a password manager with a critical plugin flaw", was revised twice to include comment from Keeper and Microsoft, and also to remove a characterisation that Keeper was forced on some Windows 10 users.
The initial headline read: "Microsoft forced users to install a password manager with a critical flaw." The abstract read: "Win 10 version of Keeper had bug allowing sites to steal passwords."
The revisions also sought to clarify how long the pre-bundled version was vulnerable and to define the role of the browser plugin.
In my professional opinion, suing those who discuss software vulnerabilities is itself a reliable indication of dangerously vulnerable software and incompetent security practices. For that reason, I will be avoiding Keeper Security products. https://t.co/hJVHHisTyL— matt blaze (@mattblaze) 20 December 2017
In the lawsuit, Keeper claimed Goodin and Ars Technica had published the article knowing and intending that it would be read by Illinois residents cause injury to Keeper which is an Illinois company.
It also claimed that Goodin had failed to contact Keeper for comment and to check his facts with Keeper or Microsoft before filing the story.
The suit alleged that the article misled users into believing that they were infected by merely having the Keeper software on their systems. It added that there been no reports of loss of information or security breaches due to the vulnerability in the password manager.
Haven't seen its accuracy disputed anywhere yet. Also, multiple major edits to the story don't look good for Ars or Goodin.— Seth Hall (@loteck) 20 December 2017
Keeper claimed that publication of the article had caused it to suffer damages to its business, stakeholder relationships and other damages. It said these would be proven at trial to exceed US$75,000.
The company has sought damages, lawyers' fees and costs, removal of the article, and any other relief deemed suitable by the court.
Some security professionals were not impressed by Keeper's reaction.
Researcher and academic Matt Blaze said in a tweet: "In my professional opinion, suing those who discuss software vulnerabilities is itself a reliable indication of dangerously vulnerable software and incompetent security practices. For that reason, I will be avoiding Keeper Security products."
Computer networking and security research Steven Bellovin said: "Did you read the suit? As I read it, they're unhappy that the article didn't describe the precise steps users had to take to be vulnerable -- but didn't dispute the flaw at all."
But others were supportive of Keeper's lawsuit.
Developer Scott Arciszewski said: "How dare Ars/Goodin try to update their article to be more accurate. That's what all slanderers do."
And another tech professional, Seth Hall, said: "Haven't seen its (the lawsuit's) accuracy disputed anywhere yet. Also, multiple major edits to the story don't look good for Ars or Goodin."
iTWire contacted Goodin but he declined to comment.